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About This Guide 


This guide describes how to convert Novell Cluster Services cluster nodes and resources from 
NetWare 6.5 Support Pack (SP) 8 (with the latest patches) to Novell Open Enterprise Server (OES) 2 
SP3. 


This guide includes the following sections: 
¢ Chapter 1, “What’s New for Novell Cluster Services Cluster Conversion from NetWare to 
Linux,” on page 9 
¢ Chapter 2, “Planning the Cluster Conversion,” on page 11 
¢ Chapter 3, “Planning the Conversion of Cluster Resources,” on page 17 
¢ Chapter 4, “Planning the Conversion of Load and Unload Scripts,” on page 21 
¢ Chapter 5, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 29 
e Chapter 6, “Novell AFP,” on page 37 
¢ Chapter 7, “Apache HTTP Server,” on page 39 
¢ Chapter 8, “Novell Archive and Version Services,” on page 55 
e Chapter 9, “eDirectory Server Certificates,” on page 57 
¢ Chapter 10, “Novell CIFS,” on page 59 
¢ Chapter 11, “Novell Distributed File Services VLDB,” on page 61 
+ Chapter 12, “DHCP Server,” on page 63 
¢ Chapter 13, “DNS Server,” on page 65 


¢ Chapter 14, “Novell iPrint,” on page 67 

+ Chapter 15, “MySQL,” on page 73 

¢ Chapter 16, “QuickFinder Server,” on page 75 

¢ Chapter 17, “Novell Storage Services Pools,” on page 79 
+ Appendix A, “Documentation Updates,” on page 81 


Audience 


This guide is intended for Novell Cluster Services administrators and other administrators that are 
responsible for clustered services and data. It is assumed that readers of this guide have a basic 
understanding of Novell Cluster Services and of the services and file systems that are being 
clustered. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 
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Documentation Updates 


For the most recent version of the OES 2 SP3: Novell Cluster Services Conversion Guide, visit the OES 2 
SP3 documentation Web site (http://www.novell.com/documentation/oes2). 


Additional Documentation 


For documentation on Novell Cluster Services and cluster resources management, see the OES 2 SP3 
Clustering (High Availability) documentation Web site (http://www.novell.com/documentation/ 
oes2/cluster-services.html). 


For information about managing a NetWare cluster, see the “Clustering NetWare Services” list on the 
NetWare 6.5 SP8 Clustering (High Availability) documentation Web site (http://www.novell.com/ 
documentation/nw65/cluster-services.html#clust-config-resources). 
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1.1 


1.2 


What’s New for Novell Cluster Services 
Cluster Conversion from NetWare to 
Linux 


This section describes changes for converting Novell Cluster Services clusters from NetWare 6.5 
Support Pack 8 (SP8) to Novell Open Enterprise Server (OES) 2 Support Pack 3 (SP3). 

¢ Section 1.1, “What’s New (May 2013),” on page 9 

è Section 1.2, “What’s New (April 2013),” on page 9 

+ Section 1.3, “What's New (January 2013),” on page 10 

¢ Section 1.4, “What's New (January 2012),” on page 10 


What’s New (May 2013) 


In addition to bug fixes, Novell Cluster Services provides the following enhancement and behavior 
changes in the May 2013 Scheduled Maintenance for OES 2 SP3: 


Updated the DHCP PID File Location in the DHCP_Template 


In the DHCP_Template for DHCP cluster resources, the PID file location was changed to /var/1ib/ 
dhep/var/run/dhcpd.pid. The change applies automatically to any newly created DHCP cluster 
resources. For information about configuring DHCP cluster resources, see “Configuring DHCP with 
Novell Cluster Services for the Linux File System” in the OES 2 SP3: Novell DNS/DHCP 
Administration Guide. 


What’s New (April 2013) 


Upgrade to eDirectory 8.8.7 


An upgrade to Novell eDirectory 8.8 SP7 is available in the April 2013 Scheduled Maintenance for 
OES 2 SP3. For information about the eDirectory upgrade, see TID 7011599 (http://www.novell.com/ 
support/kb/doc.php?id=7011599) in the Novell Knowledgebase. 


There will be no further eDirectory 8.8 SP6 patches for the OES platform. Previous patches for Novell 
eDirectory 8.8 SP6 are available on Novell Patch Finder (http://download.novell.com/patch/finder/ 
#familyld=112&productId=29503). 
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1.3 


1.4 


What’s New (January 2013) 


Upgrade to Novell iManager 2.7.6 


The January 2013 Scheduled Maintenance for OES 2 SP3 includes a channel upgrade from Novell 
iManager 2.7.5 to Novell iManager 2.7.6. 


Novell iManager 2.7.6 provides the following enhancements: 


+ Microsoft Internet Explorer 10 certification in the desktop user interface view on Windows 8 
(excluding Windows 8 RT) and Windows Server 2012. 

+ Apple Safari 6.0 certification on Mac OSX Mountain Lion (version 10.8). 

+ iManager Workstation certification on Windows 8 Enterprise Edition (32-bit and 64-bit). 

+ Manager 2.7.6 support for Tomcat 7.0.32. and Java 1.7.0_04 versions. 


iManager documentation links in this guide have been updated to reflect this change. 


iManager 2.7.6 documentation is available on the Web (https://www.netig.com/documentation/ 
imanager/). For earlier iManager versions, see “Previous Releases” (https://www.netiq.com/ 
documentation/imanager27/#prev). 


Novell Client Support for Windows 8 and Server 2012 


The January 2013 Scheduled Maintenance for OES 2 SP3 announces the availability of Novell Client 2 
SP3 for Windows with support for: 


¢ Windows 8 (32-bit and 64-bit) excluding Windows 8 RT 
+ Windows Server 2012 (64-bit) 


Novell Client 2 documentation links in this guide have been updated to reflect the release of SP3. 


Novell Client 2 SP3 for Windows documentation is available on the Web (http://www.novell.com/ 
documentation/windows_client/). Documentation for earlier versions is available under Previous 
Releases (http://www.novell.com/documentation/windows_client/#previous). 


New Novell Cluster Services Plug-in for iManager 2.7.5 and Later 


The Clusters plug-in for Novell iManager 2.7.5 or later was released in OES 11 SP1. It supports the 
management of OES and NetWare clusters and resources. The availability of different cluster 
management features depends on the version of Novell Cluster Services and the server platform that 
are installed on the cluster being managed. A comparison of the old and new interface is available in 
“What's New (January 2013 Patches)” (http://www.novell.com/documentation/oes2/clus_admin_lx/ 
data/ncs_new_jan2013.html) in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for 
Linux (http://www.novell.com/documentation/oes2/clus_admin_lx/data/h4hgu4hs.html). 


What’s New (January 2012) 


The NetWare to Linux conversion of Novell Cluster Services clusters is supported from NetWare 6.5 
SP8 (with the latest patches applied) to OES 2 SP3 on the SUSE Linux Enterprise 10 SP4 operating 
system. 
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Planning the Cluster Conversion 


Upgrading a NetWare 6.5 SP8 cluster to Novell Open Enterprise Server 2 SP3 Linux is a multi-phase 
process referred to as a rolling cluster conversion. This approach lets you keep your cluster up and 
running and lets your users continue to access cluster resources while the conversion is in progress. 
During a rolling cluster conversion, one server is converted to OES 2 while the other servers in the 
cluster continue running NetWare 6.5. Then another server can be converted to OES 2, and then 
another, until all servers in the cluster have been converted. During the conversion, you can also add 
OES 2 servers to the cluster, and remove NetWare 6.5 servers from the cluster. 


Before you begin a conversion, ensure that your system meets the requirements and caveats 
described in this section. In addition, your OES 2 Linux nodes and network environment must meet 
the cluster requirements as described in “Planning for Novell Cluster Services” in the OES 2 SP3: 
Novell Cluster Services 1.8.8 Administration Guide for Linux. 

è Section 2.1, “Supported Conversion Paths,” on page 12 

+ Section 2.2, “Supported Mixed-Node Clusters,” on page 12 

+ Section 2.3, “SBD Devices Must Be Marked as Shareable for Clustering,” on page 12 

è Section 2.4, “Syntax Translation Issues for Load and Unload Scripts,” on page 13 

¢ Section 2.5, “Case Sensitivity Issues,” on page 13 

+ Section 2.6, “Adding a New NetWare Node to a Mixed-Node Cluster,” on page 13 

+ Section 2.7, “Converting Multiple NetWare Cluster Nodes to OES 2 Linux,” on page 13 

+ Section 2.8, “Converting Nodes that Contain the eDirectory Master Replica,” on page 14 

+ Section 2.9, “Failing Over Service Cluster Resources on Mixed-Node Clusters,” on page 14 

+ Section 2.10, “Failing Over Data Cluster Resources on Mixed-Node Clusters,” on page 14 

è Section 2.11, “Managing File Systems in Mixed-Node Clusters,” on page 14 

+ Section 2.12, “Using Novell iManager in Mixed-Node Clusters,” on page 15 


¢ Section 2.13, “Using Novell Remote Manager Is Not Supported in Mixed-Node Clusters,” on 
page 15 


è Section 2.14, “Using ConsoleOne Is Not Supported for Mixed-Node Clusters,” on page 15 


+ Section 2.15, “Using the Monitoring Function in Mixed-Node Clusters Is Not Supported,” on 
page 15 
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2.1 


2.2 


2.3 


Supported Conversion Paths 


The NetWare to Linux conversion is supported from NetWare 6.5 SP8 (with the latest patches 
applied) to OES 2 SP3 on the SUSE Linux Enterprise 10 SP4 operating system. The following 
conversion paths are supported from NetWare to OES 2 Linux: 


From this NetWare platform Interim platform upgrade for all Before conversion to this 

nodes platform 
NetWare 6.5 SP8 Latest patches applied OES 2 SP3 on SLES 10 SP4 Linux 
NetWare 6.5 SP7 or earlier NetWare 6.5 SP8 with the latest OES 2 SP3 on SLES 10 SP4 Linux 


patches applied 


NetWare 6.0 NetWare 6.5 SP8 with the latest OES 2 SP3 on SLES 10 SP4 Linux 
patches applied 


NetWare 5.1 NetWare 6.5 SP8 with the latest OES 2 SP3 on SLES 10 SP4 Linux 
patches applied 


Before converting NetWare 6.5 clusters to OES 2 Linux, you must apply all of the latest service packs 
and patches for that version. For information, see “Upgrading NetWare Clusters” in the NW6.5 SP8: 
Novell Cluster Services 1.8.5 Administration Guide. 


If you have a NetWare 6.5 SP7 or earlier cluster, you must upgrade all nodes to NetWare 6.5 SP8 (with 
the latest service packs and patches) before you convert any nodes to OES 2 Linux or add OES 2 
Linux nodes to the cluster. For information, see “Upgrading NetWare Clusters” in the NW6.5 SP8: 
Novell Cluster Services 1.8.5 Administration Guide. 


Supported Mixed-Node Clusters 


During the conversion, the intermediate cluster is referred to as a mixed-node cluster because the 
cluster contains both NetWare and Linux nodes. This is a temporary configuration that is supported 
for the purpose of converting the cluster and is not supported as a long-term operational state of the 
cluster. 


A mixed cluster made up of NetWare 6.5 SP8 nodes and OES 2 SP3 Linux nodes is supported for the 
purpose of converting the cluster from NetWare 6.5 SP8 (with the latest support packs and patches) 
to OES 2 SP3 Linux or later. 


A mixed cluster made up of NetWare 6.5 SP7 or earlier nodes and OES 2 SP3 Linux nodes is not 
supported. 


SBD Devices Must Be Marked as Shareable for Clustering 


Novell Cluster Services for Linux requires that the devices used for the SBD partition be explicitly 
marked as Shareable for Clustering. When converting a NetWare cluster, ensure that the SBD device, 
or both devices for a mirrored SBD, are marked as Shareable for Clustering before you add the first 
Linux node to the cluster. 
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2.4 


2.5 


2.6 


2.1 


Syntax Translation Issues for Load and Unload Scripts 


Executing a script that is valid for the NetWare platform is not necessarily recognized on the OES 2 
Linux platform. When cluster migrating a resource from a NetWare node to a OES 2 Linux node, the 
resource’s Load script and Unload script need to be translated in-memory while the cluster contains 
mixed nodes. It is also translated in-memory when the cluster is finally converted from NetWare to 
Linux. This translation is done by the Cluster Translation Library script (/opt /novell/ncs/bin/ 
clstrlib.py). 


IMPORTANT: If the commands in cluster resource’s load or unload scripts are not part of the normal 
translation library, the cluster resource can end up in a comatose state. 


Beginning in OES 2 SP2, Novell Cluster Services allows you to customize the translation syntax that 
is used for load and unload scripts in mixed-node clusters by defining them in the /var/opt/ 
novell/ncs/customized_translation_syntax file that you create. The clstrlib.py script reads 
the additional translation syntax from the syntax file. For information, see Section 4.7, “Customizing 
the Translation Syntax for Converting Load and Unload Scripts,” on page 27. 


Case Sensitivity Issues 


When adding a Linux node to the existing NetWare cluster, there are two areas where case sensitivity 
might be an issue: 


+ Node name: After you install the Linux node into the NetWare cluster, the Linux node is unable 
to join the cluster. To resolve this problem, edit the /etc/opt/novell/ncs/nodename file to 
modify the hostname of the node from lowercase (clusnode1) to all uppercase characters 
(CLUSNODE1), reboot the operating system, then run the rcnovell-nes start command. This 
allows the cluster node to start and join the cluster. 


NOTE: This case sensitivity issue has been resolved for OES 2 SP2 and later. 


+ Cluster object name: The Cluster object name (such as cn=Clustername, ou=context , o=org) is 
also present on the SBD partition. The SBD name (Clustername .sbd) matches the case of the 
object name in eDirectory. Running the sbdutil -£ command displays the SBD name. If the 
case used when you enter the Cluster object name and SBD name during the Linux cluster install 
do not match the case used in eDirectory, the cluster install fails to detect the SBD partition. 


Adding a New NetWare Node to a Mixed-Node Cluster 


You cannot add additional NetWare nodes to your cluster after adding a new Linux node or changing 
an existing NetWare cluster node to a Linux cluster node. If you want to add NetWare cluster nodes 
after converting part of your cluster to Linux, you must first remove the Linux nodes from the cluster. 


Converting Multiple NetWare Cluster Nodes to OES 2 Linux 


If you attempt to concurrently convert multiple NetWare cluster servers to OES 2 Linux, we strongly 
recommend that you use the old NetWare node IP addresses for your Linux cluster servers. You 
should record the NetWare node IP addresses before converting them to Linux. 


If you must assign new node IP addresses, we recommend that you only convert one node at a time. 
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2.8 


2.9 


2.10 


2.11 


If new cluster node IP addresses are required and new server hardware is being used, another option 
is to shut down the NetWare nodes that are to be removed and then add the new Linux cluster nodes. 
After adding the new Linux cluster nodes, you can remove the NetWare cluster node-related objects 
as described in Step 5 of Section 5.1, “Converting NetWare Cluster Nodes to OES 2 Linux (Rolling 
Cluster Conversion),” on page 29. 


IMPORTANT: Failure to follow these recommendations might result in NetWare server abends and 
Linux server restarts. 


Converting Nodes that Contain the eDirectory Master 
Replica 
When converting NetWare cluster servers to Linux, do not convert the server that has the master 


eDirectory replica first. If the server with the eDirectory master replica is a cluster node, convert it at 
the end of the rolling cluster conversion. 


Failing Over Service Cluster Resources on Mixed-Node 
Clusters 


For service cluster resources, the intention is to have a one-time cluster migration of the service from 
NetWare to OES 2 Linux. After you cluster migrate the resource to an OES 2 Linux node, the 
relocated resource should be cluster migrated only between nodes running the OES 2 Linux 
platform. 


Failing Over Data Cluster Resources on Mixed-Node 
Clusters 


Pool cluster resources that were created on NetWare cluster nodes and migrated or failed over to 
Linux cluster nodes can be migrated or failed back to NetWare cluster nodes. 


Cluster resources that were created on Linux cluster nodes cannot be migrated or failed over to 
NetWare cluster nodes. 


If you cluster migrate an NSS pool from a NetWare cluster server to a Linux cluster server, it could 
take several minutes for volume trustee assignments to synchronize after the migration. Users might 
have limited access to the migrated volumes until after the synchronization process is complete. 


Managing File Systems in Mixed-Node Clusters 


In a mixed cluster of NetWare and OES 2 Linux nodes, Linux POSIX file systems as cluster resources 
cannot be created until the entire cluster had been successfully converted to OES 2 Linux. Linux 
POSIX file systems as cluster resources cannot be migrated or failed over to NetWare cluster nodes. 


Only NSS pool cluster resources that are created on a NetWare cluster node can be failed over 
between Linux and NetWare nodes of a mixed-node cluster. 


NetWare-to-Linux failover of NSS pool cluster resources requires that the Linux node be configured 
for NSS and that the version of NSS supports the NSS media format and features that are currently 
being used by the NSS pool cluster resource on NetWare. 
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2.12 


2.13 


2.14 


2.15 


No storage management functions should be executed in a mixed-node cluster unless you are 
performing documented steps for the conversion. That is, do not create, delete, expand, or modify the 
properties for partitions, pools, or volumes for shared resources in the cluster unless the conversion 
instructions specifically guide you to do so. 


WARNING: Attempting to reconfigure shared storage in a mixed cluster can cause data loss. 


If you need to configure (or reconfigure) existing shared NSS pools and volumes in a mixed-node 
cluster, you must temporarily bring down all Linux cluster nodes prior to making changes, then 
make the configuration changes on a NetWare node. Ensure that the resources are working properly 
on NetWare before having the Linux cluster nodes rejoin the cluster. 


Using Novell iManager in Mixed-Node Clusters 


Use Novell iManager 2.7.4 or later for all cluster administration in the mixed-node cluster. Using the 
Clusters plug-in to iManager is required to manage the cluster after the first OES 2 Linux node is 
added to the cluster. 


The display of node IDs from the NetWare master node might be incomplete if you use other tools 
like ConsoleOne and Novell Remote Manager in a mixed-node cluster. However, you can use cat / 
admin/Novell/Cluster/NodeConfig.xml on any cluster node to get the node IDs. 


Using Novell Remote Manager Is Not Supported in Mixed- 
Node Clusters 


Do not use Novell Remote Manager when managing mixed-node clusters. Novell Remote Manager is 
not supported for cluster management on OES 2 Linux. 


Because different time formats are used in the NCS Event log for NetWare and Linux, Novell Remote 
Manager might have difficulty displaying the time of logged events. To avoid this problem in a 
mixed-node cluster, use iManager to access the NCS Event log. 


To reduce any confusion you might have when using Novell Remote Manager, you can unload 
module pcluster .nlm and delete its references in 1dncs and uldncs. This removes the Cluster tab in 
Novell Remote Manager. 


Using ConsoleOne Is Not Supported for Mixed-Node 
Clusters 


Do not use ConsoleOne when managing mixed-node clusters. ConsoleOne is not supported for 
cluster management on OES 2 Linux. 


Using the Monitoring Function in Mixed-Node Clusters Is 
Not Supported 


In mixed-node clusters, the Monitor function in Novell Cluster Services for Linux is not available. 
You cannot enable the Monitor function or modify the Monitor script for cluster resources on the 
Linux nodes until the conversion is finalized and all nodes in the cluster are running OES 2 Linux. 
Then the monitor scripts are created automatically for each of the converted cluster resources. 
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Planning the Conversion of Cluster 


Resources 


In addition to changing the operating system, the software and file systems for various clustered 
services must also be considered in your conversion from NetWare 6.5 to Novell Open Enterprise 
Server (OES) 2. This section provides an overview of the NetWare 6.5 services and their counterparts 
in OES 2 SP3. Before you begin a conversion, ensure that your system meets the general requirements 


and caveats described in this section. 


Converting cluster resources for OES 2 services from NetWare to Linux might require more than a 
simple cluster migration from a NetWare node to a Linux node. For example, the service might 
require that you use Migration Tool to convert the service to Linux. Some services require post- 
conversion configuration to finalize the conversion. A few services on NetWare are not available on 
OES 2 Linux, so you must use the standard Linux service instead. 


See Table 3-1 for information about converting cluster resources for NetWare 6.5 SP8 services: 


Table 3-1 Guidelines for Converting Service Cluster Resources from NetWare to Linux 


Service on NetWare 6.5 Cluster Migrate the 


Converting the Service to OES 2 Linux 


SP8 Resource 

Apache Web Server Yes See Chapter 7, “Apache HTTP Server,” on page 39. 
Apple Filing Protocol Yes See Chapter 6, “Novell AFP,” on page 37. 

(AFP) 

Archive and Version No, but you can migrate See Chapter 8, “Novell Archive and Version Services,” on 
Services the database page 55. 

CIFS Yes See Chapter 10, “Novell CIFS,” on page 59. 


(Windows File Services) 


DFS VLDB Yes 


(Distributed File Services 
volume location 


See Chapter 11, “Novell Distributed File Services VLDB,” 
on page 61. 


database) 

DHCP Server Yes See Chapter 12, “DHCP Server,” on page 63. 

DNS Server Yes See Chapter 13, “DNS Server,” on page 65. 
eDirectory Not clustered, but See Section 2.8, “Converting Nodes that Contain the 


requires special handling 


eDirectory Master Replica,” on page 14. 
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Service on NetWare 6.5 Cluster Migrate the 


SP8 


eDirectory Certificate 
Server 


Resource 


Not clustered, but 
requires special handling 


Converting the Service to OES 2 Linux 


The Certificate Authority (CA) service is not cluster- 
enabled for NetWare or OES 2 Linux. There are no 
cluster-specific tasks for the CA itself. 


The Server Certificate service issues Server Certificate 
objects that might need to reside on each node ina 
cluster, depending on the service that is clustered. 
NetWare and Linux generate certificates differently, so 
the NetWare server’s certificate is not reused for the OES 
2 Linux server. 


See Chapter 9, “eDirectory Server Certificates,” on 
page 57. 


exteNd Application 
Server and MySQL 


Not applicable 


The exteNd Application Server was discontinued as an 
install option for NetWare 6.5 SP3. It is not available for 
Linux. 


See also MySQL in this table. 


FTP 


No 


Use the Pure-FTPd service for Linux. 


For information, see “Novell FTP (Pure-FTPd) and OES 
2” in the OES 2 SP3: Planning and Implementation 
Guide. 


iFolder 


No, but you can migrate 
the settings and data 


Novell iFolder 2.1x is not available on OES 2 Linux. You 
must use Novell iFolder 3.x. 


After you add a Novell iFolder 3.x server to the NetWare 
cluster and before you finalize the cluster conversion, use 
iFolder migration procedures to migrate the iFolder 2.1x 
server configuration and user data from the source 
NetWare node to the target Linux node. For information, 
see “Migrating iFolder Services” in the Novell iFolder 3.8 
Administration Guide. 


iPrint 


Yes 


See Chapter 14, “Novell iPrint,” on page 67. 


MySQL 


No 


Use the MySQL 5.0.x software on OES2 Linux that is 
offered under the GPL. 


See Chapter 15, “MySQL,” on page 73. 


NetStorage 


Not tested 


Clustering the NetStorage service is supported for OES 2 
SP1 Linux and later. 


For information, see “Configuring NetStorage with Novell 
Cluster Services” in the OES 2 SP3: NetStorage 
Administration Guide. 


NFS 


No 


Use standard NFS service for Linux. 
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Service on NetWare 6.5 
SP8 


QuickFinder (Server 
Synchronization 
Feature) 


Cluster Migrate the 
Resource 


No, but you can migrate 
the settings and data 


Converting the Service to OES 2 Linux 


You must create a new cluster resource. QuickFinder 
5.0.x is supported only on OES 2 Linux. NetWare uses 
QuickFinder 4.2.0. QuickFinder does not support any 
automated procedure or scripts for a rolling upgrade from 
Netware to Linux. 


Instead of converting the resource, you can migrate the 
settings from NetWare after you set up a QuickFinder 
resource on Linux. 


See Chapter 16, “QuickFinder Server,” on page 75. 


NSS pools and volumes Yes See Chapter 17, “Novell Storage Services Pools,” on 
page 79. 
Tomcat No Use the Novell Tomcat service for Linux. 
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4.1 


Planning the Conversion of Load and 
Unload Scripts 


You can use a rolling cluster conversion to convert a Novell Cluster Services cluster from NetWare 6.5 
SP8 to Novell Open Enterprise Server (OES) 2 SP3 Linux. This section describes how to prepare for 
and perform the conversion, and how to manage the temporarily mixed cluster during the 
conversion. 


+ Section 4.1, “Translation of Cluster Resource Scripts for Mixed NetWare and Linux Clusters,” on 
page 21 

+ Section 4.2, “Comparing Script Length Limits for NetWare and Linux,” on page 22 

¢ Section 4.3, “Comparing Script Commands for NetWare and Linux,” on page 23 

+ Section 4.4, “Comparing Master IP Address Scripts,” on page 23 

+ Section 4.5, “Comparing NSS Pool Resource Scripts,” on page 24 

+ Section 4.6, “Comparing File Access Protocol Resource Script Commands,” on page 26 


+ Section 4.7, “Customizing the Translation Syntax for Converting Load and Unload Scripts,” on 
page 27 
¢ Section 4.8, “Adding Monitoring Scripts on Linux,” on page 28 


Translation of Cluster Resource Scripts for Mixed NetWare 
and Linux Clusters 


Novell Cluster Services includes specialized script translation functionality, called the Cluster 
Translation Library script (/opt /novell/ncs/bin/clstrlib.py), to help NetWare and Linux 
servers coexist in the same cluster. It provides an automatic translation of the Master IP Address 
resource and cluster-enabled NSS pool resource load and unload scripts from NetWare to Linux. This 
functionality is also beneficial as you migrate NetWare cluster servers to Linux. 


The Cluster Translation Library reads the NetWare load and unload scripts from eDirectory, converts 
them, and writes them as Linux load and unload script files. The Linux load and unload script files 
are then searched for NetWare-specific command strings, and the command strings are then either 
deleted or replaced with Linux-specific command strings. Separate Linux-specific commands are also 
added, and the order of certain lines in the scripts is also changed to function with Linux. 


The Linux load and unload scripts are stored in files on Linux cluster servers, instead of being stored 
in eDirectory like the NetWare scripts. The cluster resource name is used in the load and unload 
script filenames. The path to the files is /var/opt/novell/ncs/. 


IMPORTANT: Use the Properties > Scripts page in the Clusters plug-in in iManager whenever you 
make manual changes to the load and unload scripts. The changes are automatically saved to the 
files. 
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The normal translations performed by the Cluster Translation Library are described in the following 
sections: 


¢ Section 4.3, “Comparing Script Commands for NetWare and Linux,” on page 23 


+ 


Section 4.4, “Comparing Master IP Address Scripts,” on page 23 


+ 


Section 4.5, “Comparing NSS Pool Resource Scripts,” on page 24 


+ 


Section 4.6, “Comparing File Access Protocol Resource Script Commands,” on page 26 


IMPORTANT: If the commands in cluster resource’s load or unload scripts are not part of the 
translation library, the cluster resource can end up in a comatose state. 


Beginning in OES 2 SP2, Novell Cluster Services allows you to customize the translation syntax that 
us used for load and unload scripts in mixed-platform situations by defining new syntax translations 
to be used in addition to the normal translations. For information, see Section 4.7, “Customizing the 
Translation Syntax for Converting Load and Unload Scripts,” on page 27. 


4.2 Comparing Script Length Limits for NetWare and Linux 


Scripts have different size limits on NetWare and OES 2 Linux. In a mixed-node cluster, the scripts for 
NetWare resources that are cluster migrated to OES 2 Linux nodes are restricted to the NetWare 
script-size limits until the final cluster convert command is issued. 


The maximum supported lengths for cluster scripts’ content are as follows: 


OES 2 Linux Resources 
NetWare 6.5 Resources NetWare 6.5 Resources and Converted NetWare 


Script on NetWare Nodes on OES 2 Linux Nodes Resources After the 
Final Conversion 

Load script 924 bytes 924 bytes 3200 bytes 

Unload script 924 bytes 924 bytes 3200 bytes 

Monitor script Not supported Not supported 3200 bytes 


In cases where a Linux converted script exceeds the imposed NetWare script size limit, it is best to 
avoid bringing the resource online on OES 2 Linux nodes until the final cluster convert command has 
been run. 


IMPORTANT: Because the Linux script for GroupWise exceeds the NetWare script limit, we 
recommend that you do not online GroupWise resources in while running in mixed-node clusters. 
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4.3 


4.4 


Comparing Script Commands for NetWare and Linux 


Table 4-1 identifies some of the NetWare cluster load and unload script commands that the Cluster 
Translation Library script searches for and the Linux commands that it replaces them with (unless the 
commands are deleted). 


Table 4-1 Cluster Script Command Comparison 


Action NetWare Cluster Command Linux Cluster Command 

Replace IGNORE ERROR add secondary ipaddress ignore error 
add_secondary_ipaddress 

Replace IGNORE ERROR del secondary ipaddress ignore error 
del_secondary_ipaddress 

Replace del secondary ipaddress ignore error 
del_secondary_ipaddress 

Replace add secondary ipaddress exit_on_error 
add_secondary_ipaddress 

Delete IGNORE ERROR NUDP (deletes the entire line) 

Delete IGNORE ERROR HTTP (deletes the entire line) 

Replace nss /poolactivate= nss /poolact= 

Replace nss /pooldeactivate= nss /pooldeact= 

Replace mount volume_name VOLID=number exit_on_error ncpcon mount 
volume_name=number 

Replace NUDP ADD clusterservername ipaddress exit_on_error ncpcon bind 
--ncpservername=ncpservername 
--ipaddress=ipaddress 

Replace NUDP DEL clusterservername ipaddress ignore_error ncpcon unbind 
--ncpservername=ncpservername 
--ipaddress=ipaddress 

Delete CLUSTER CVSBIND (deletes the entire line) 

Delete CIFS (deletes the entire line) 


Comparing Master IP Address Scripts 


IMPORTANT: You can modify the Master IP Address of the cluster only after the cluster conversion 
is finalized. For information, see “Moving a Cluster or Changing IP Addresses of Cluster Nodes and 
Resources” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux. 


+ Section 4.4.1, “Master IP Address Resource Load Script,” on page 24 


+ Section 4.4.2, “Master IP Address Resource Unload Script,” on page 24 
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4.4.1 Master IP Address Resource Load Script 


This section provides examples of the master IP address resource load scripts on NetWare and Linux. 


+ “NetWare” on page 24 


+ “Linux” on page 24 


NetWare 


IGNORE ERROR set allow ip address duplicates = on 

IGNORE ERROR CLUSTER CVSBIND ADD BCCP Cluster 10.1.1.175 
IGNORE ERROR NUDP ADD BCCP Cluster 10.1.1.175 

IGNORE ERROR add secondary ipaddress 10.1.1.175 

IGNORE ERROR HTTPBIND 10.1.1.175 /KEYFILE:"SSL CertificateIP" 
IGNORE ERROR set allow ip address duplicates = off 


Linux 


#!/bin/bash 
/opt/novell/ncs/lib/nesfuncs 


ignore error add_secondary_ipaddress 10.1.1.175 -np 


exit 0 


4.4.2 Master IP Address Resource Unload Script 


This section provides examples of the master IP address resource unload scripts on NetWare and 
Linux. 


+ “NetWare” on page 24 


+ “Linux” on page 24 


NetWare 


IGNORE ERROR HTTPUNBIND 10.1.1.175 

IGNORE ERROR del secondary ipaddress 10.1.1.175 

IGNORE ERROR NUDP DEL BCCP Cluster 10.1.1.175 

IGNORE ERROR CLUSTER CVSBIND DEL BCCP Cluster 10.1.1.175 


Linux 


#!/bin/bash 

/opt/novell/ncs/lib/nesfuncs 
ignore error del_secondary_ipaddress 10.1.1.175 
exit 0 


4.5 Comparing NSS Pool Resource Scripts 


+ Section 4.5.1, “NSS Pool Resource Load Script,” on page 25 
+ Section 4.5.2, “NSS Pool Resource Unload Script,” on page 25 
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4.5.1 


4.5.2 


NSS Pool Resource Load Script 


This section provides examples of the NSS pool resource load scripts on NetWare and Linux. 


+ “NetWare” on page 25 


+ “Linux” on page 25 


NetWare 


nss /poolactivate=HOMES POOL 

mount HOMES VOLID=254 

CLUSTER CVSBIND ADD BCC CLUSTER HOMES SERVER 10.1.1.180 

NUDP ADD BCC CLUSTER HOMES SERVER 10.1.1.180 

add secondary ipaddress 10.1.1.180 

CIFS ADD .CN=BCC_CLUSTER_HOMES SERVER.OU=servers.O=lab.T=TEST TREE. 


Linux 


#!/bin/bash 

/opt/novell/ncs/lib/nesfuncs 
exit_on_error nss /poolact=HOMES POOL 
exit_on_error ncpcon mount HOMES=254 
exit_on_error add_secondary_ipaddress 10.1.1.180 


exit _on_error ncpcon bind --ncpservername=BCC_CLUSTER_HOMES SERVER 
--ipaddress=10.1.1.180 


exit 0 


NSS Pool Resource Unload Script 


This section provides examples of the NSS pool resource unload scripts on NetWare and Linux. 


e “NetWare” on page 25 


+ “Linux” on page 25 


NetWare 


del secondary ipaddress 10.1.1.180 

CLUSTER CVSBIND DEL BCC CLUSTER HOMES SERVER 10.1.1.180 

NUDP DEL BCC CLUSTER HOMES SERVER 10.1.1.180 

nss /pooldeactivate=HOMES POOL /overridetype=question 

CIFS DEL .CN=BCC_CLUSTER_HOMES SERVER.OU=servers.O=lab.T=TEST TREE. 


Linux 


#!/bin/bash 
/opt/novell/ncs/lib/nesfuncs 


ignore _error ncpcon unbind --ncpservername=BCC_CLUSTER_HOMES SERVER 
--ipaddress=10.1.1.180 


ignore error del _ secondary _ipaddress 10.1.1.180 


ignore error nss /pooldeact=HOMES POOL 
exit 0 
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4.6 Comparing File Access Protocol Resource Script 
Commands 


+ Section 4.6.1, “File Access Protocol Resource Load Scripts,” on page 26 


è Section 4.6.2, “File Access Protocol Resource Unload Scripts,” on page 26 


4.6.1 File Access Protocol Resource Load Scripts 


This section provides examples of the file access protocol commands for load scripts on NetWare and 
Linux. 


+ “NetWare” on page 26 


+ “Linux” on page 26 


NetWare 
Protocol Script Command for Load Scripts 
NCP NUDP ADD NCS1 Pl SERVER 10.10.10.194 


Novell AFP AFPBIND ADD NCS1 Pl SERVER 10.10.10.204 


Novell CIFS CIFS ADD .CN=NCS1_ Pl SERVER.O=novell.T=CLUSTER. 


Linux 
Protocol Script Command for Load Scripts 
NCP # mount the NCP volume 


exit_on_error ncpcon mount $NCP_VOLUME=VOL_ID, PATH=$MOUNT_POINT 


exit_on_error ncpcon bind --ncpservername=NCS1_P1_ SERVER 
--ipaddress=10.10.10.194 


Novell AFP exit_on_error cluster_afp.sh add NCS1_P1 SERVER 10.10.10.204 


Novell CIFS  exit_on error novcifs --add 
--vserver=.CN=NCS1_P1 SERVER.O=novell.T=TREE-188. --ip- 
addr=<virtual_server_ip_ address> 


4.6.2 File Access Protocol Resource Unload Scripts 


This section provides examples of the Novell AFP commands for unload scripts on NetWare and 
Linux. 


+ “NetWare” on page 27 


+ “Linux” on page 27 
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NetWare 


Protocol Script Command for Unload Scripts 

NCP NUDP DEL NCS1 Pl SERVER 10.10.10.194 

Novell AFP AFPBIND DEL NCS1 Pl SERVER 10.10.10.204 

Novell CIFS CIFS DEL .CN=NCS1 Pl SERVER.O=novell.T=TREE-188. 

Linux 

Protocol Script Command for Unload Scripts 

NCP ignore_error ncpcon unbind --ncpservername=NCS1_ P1 SERVER 


--ipaddress=10.10.10.194 


# dismount the NCP volume 
ignore_error ncpcon dismount S$NCP_VOLUME 


Novell AFP ignore_error cluster_afp.sh del NCS1_ Pl SERVER 10.10.10.204 


Novell CIFS ignore error novcifs --remove 
--vserver=.CN=NCS1_P1 SERVER.O=novell.T=TREE-188. 
--ip-addr=<virtual_server_ip address> 


Customizing the Translation Syntax for Converting Load 
and Unload Scripts 


The syntax for load and unload scripts differs for NetWare and Linux platforms. A script that is valid 
for the NetWare platform is not necessarily recognized on the OES 2 Linux platform. In a mixed- 
platform cluster, a cluster resource’s load script and unload script must be translated to use the 
proper syntax when running on the NetWare or Linux nodes. Translation occurs in-memory while 
the cluster contains mixed-platform nodes, and during the final cluster conversion of the cluster from 
NetWare to Linux. 


The translation between NetWare and Linux versions of the load and unload scripts is performed by 
the Cluster Translation Library script (/opt /novell/ncs/bin/clstrlib.py). The normal 
translations in the library are described in Section 4.1, “Translation of Cluster Resource Scripts for 
Mixed NetWare and Linux Clusters,” on page 21. If the commands in a cluster resource’s load or 
unload scripts are not part of the translation library, the cluster resource can end up in a comatose 
state. 


Beginning in OES 2 SP2, Novell Cluster Services allows you to customize the translation syntax that 
is used for load and unload scripts in mixed-platform situations by defining new syntax translations 
in the /var/opt/novell/ncs/customized_translation_syntax file that you create. The 
clstrlib.py script reads the additional translation syntax from the syntax file, and processes them 
in addition to the normal translations in the Cluster Translation Library. 


The customized translation supports using Python regular expressions to search for strings ((\S+) ), 
digits ((\d+)), and other data types. The search is case insensitive. 


NOTE: Refer to information about Python regular expressions to learn how to create searches for 
other data types. 
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4.8 


In a text editor, create the customized_translation_syntax file with the additional translation 
syntax that you need, then copy the file to the /var/opt/novell/ncs/ folder on each Linux node 
in the mixed-platform cluster. 


The syntax file should contain a four-line command for each type of translation you want to add: 
<R | D> 

search string 

[replacement _data] 


[preceding data] 


You can have any number of the four-line commands in the file. Use the following guidelines for 
creating the syntax translation commands: 


Line Description 


<R|D> Specify whether to replace (R) all matches or to delete (D) all matches of the 
data type you are looking for in the load or unload script. 


search string Specify the search string that is used to locate a line in the scripts. 
[replacement_data] Specify the replacement data used to replace a line matched by the search 
performed. 


Leave this line empty if there is no replacement. 


[preceding data] Specify a line to be inserted before the first line that is matched by the search 
performed. 


Leave this line empty if there is no line to be inserted before the first matching 
line. 


The following four lines are sample code for a search command in the 
customized_translation_syntax file. The fourth line is intentionally left empty. 


R 
“\s*bind\s+IP\s+ (\S+) \s (\S+) \staddress= (\d+\.\d+\.\d+\.\d+) 
ignore error bind IP \1 \2 address=\3\n 

exit _on_error ip addr add \3/32 dev \1 


You can use the cluster convert preview command to verify that the 
customized_translation_syntax file is working as intended for a particular resource. 


1 On the master node, open a terminal console as the root user, then enter 


cluster convert preview resource name 


Adding Monitoring Scripts on Linux 


The monitoring script is available for cluster resources in Novell Cluster Services for OES 2 Linux. 
However, in a mixed-node cluster, the cluster resources that you cluster migrate from NetWare to 
Linux will not have a monitoring script during the conversion process. A monitoring script for each 
of the former NetWare cluster resources is created automatically after you perform the final cluster 
conversion step as described in Section 5.4, “Finalizing the Cluster Conversion,” on page 35. 


Sample monitoring scripts are available in the cluster resource templates for the various services on 
OES 2 Linux. 


There might not be a monitoring script for iPrint. Print Manager has a built-in monitoring and restart 
capability. Using the cluster resource monitoring script might cause a conflict. 
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5.1 


Converting NetWare 6.5 Clusters to OES 
2 Linux 


You can use a rolling cluster conversion to convert a Novell Cluster Services cluster from NetWare 6.5 
SP8 to Novell Open Enterprise Server (OES) 2 SP3 Linux. This section describes how to prepare for 
and perform the conversion, and how to manage the temporarily mixed cluster during the 
conversion. 


+ Section 5.1, “Converting NetWare Cluster Nodes to OES 2 Linux (Rolling Cluster Conversion),” 
on page 29 


* Section 5.2, “Adding New OES 2 Linux Nodes to Your NetWare Cluster,” on page 32 
* Section 5.3, “Removing NetWare Nodes from the Cluster,” on page 34 


è Section 5.4, “Finalizing the Cluster Conversion,” on page 35 


Converting NetWare Cluster Nodes to OES 2 Linux (Rolling 
Cluster Conversion) 


Performing a rolling cluster conversion from NetWare 6.5 to OES 2 Linux lets you keep your cluster 
up and running and lets your users continue to access cluster resources while the conversion is being 
performed. 


During a rolling cluster conversion, one server is converted to Linux while the other servers in the 
cluster continue running NetWare 6.5. Then, if desired, another server can be converted to OES 2 
Linux, and then another, until all servers in the cluster have been converted to Linux. You can also 
leave the cluster as a mixed NetWare and Linux cluster. 


IMPORTANT: Before you begin, ensure that you system meets the requirements and caveats in 
“Planning for Novell Cluster Services” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration 
Guide for Linux. Also verify that your system meets the requirements in Chapter 2, “Planning the 
Cluster Conversion,” on page 11. 


If you are converting from NetWare on physical servers to OES 2 Linux on virtual servers (guest 
operating systems running on Xen virtual machines), you can use the same methods and processes as 
those used on a physical server. No additional changes or special configuration is required. For 
information, see “Mixed Physical and Virtual Node Clusters” in the OES 2 SP3: Novell Cluster Services 
1.8.8 Administration Guide for Linux. 


To perform a rolling cluster conversion from NetWare 6.5 to OES 2 Linux: 


1 Before you add the first Linux node to the NetWare cluster, if the NetWare cluster uses an SBD, 
ensure that the device (or devices) being used by the SBD are marked as Shareable for Clustering. 


You can use NSSMU or iManager to mark the SBD devices as shareable. It is not necessary to 
bring the cluster down when changing the device attribute to Shareable for Clustering. 
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Using NSSMU: 
la Log in to the master node of the NetWare cluster as the administrator user. 
1b Enter nssmu at the server console prompt. 
1c In the NSSMU main menu, select Devices. 


1d In the Devices list, highlight the device that contains the SBD partition, then press F5 to 
select it. 


le Press F6 to mark the device as Shareable for Clustering. 


1f If the SBD partition is mirrored, repeat Step 1d and Step 1e to also mark the mirror device 
as Shareable for Clustering. 


1g Press Esc to exit NSSMU. 
2 Make a note of the services that are installed on the server you are converting. 
You might want to install the same components on the Linux node if they are available. 
3 On the NetWare server that you want to convert to Linux, remove eDirectory. 


You can do this by running NWConfig, then selecting Product Options > Directory Options <install 
NDS> > Remove Directory Services from this server. 


4 Bring down the NetWare server you want to convert to Linux. 


Any cluster resources that were running on the server should fail over to another server in the 
cluster. 


You can also manually cluster migrate the resources to another server in the cluster prior to 
bringing down the server. This prevents the resources from failing back to the node after you 
have completed the upgrade. 


5 IneDirectory, remove (delete) the Cluster Node object, the Server object, and all corresponding 
objects relating to the downed NetWare server. 


Depending on your configuration, there could be 10 or more objects that relate to the downed 
NetWare server. 


6 Run DSRepair from another server in the eDirectory tree to fix any directory problems. 
If DSRepair finds errors or problems, run it multiple times until no errors are returned. 


7 Install OES 2 Linux on the server, but do not install the Novell Cluster Services option in OES 
Services at this time. 


You can use the same server name and IP address that were used on the NetWare server. This is 
suggested, but not required. 


See the OES 2 SP3: Installation Guide for more information. 
8 Set up and verify SAN connectivity for the Linux node. 
Consult your SAN vendor documentation for SAN setup and connectivity instructions. 
9 Install Novell Cluster Services and add the node to your existing NetWare 6.5 cluster. 
9a Log in to the OES 2 Linux server as the root user. 
9b In YaST, select Open Enterprise Server > OES Install and Configuration. 
9c On the Software Selection page under OES Services, click Novell Cluster Services. 


Services that you have already installed are indicated by a blue check mark in the status 
check box next to the service. 


For information about other install options, see “Installing Novell Cluster Services during a 
OES 2 Linux Installation” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide 
for Linux. 


9d Click Accept to begin the install, then click Continue to accept changed packages. 
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9e Continue through the installation process until you reach the Novell Open Enterprise 
Server Configuration page. 


9 


> 


Reconfigure LDAP Configuration of Open Enterprise Services to specify the credentials for the 
container administrator user (or non-administrator user) who has the eDirectory rights 
needed to install Novell Cluster Services. 


For information about what rights are needed, see “Assigning Install Rights for Container 
Administrators (or Non-Administrator Users)” in the OES 2 SP3: Novell Cluster Services 1.8.8 
Administration Guide for Linux. 


9f1 On the Novell Open Enterprise Server Configuration page under LDAP Configuration 
of Open Enterprise Services, click the disabled link to enable re-configuration. 


The sentence changes to Reconfiguration is enabled. 


9f2 Click the LDAP Configuration of Open Enterprise Services link to open the LDAP 
Configuration page. 


9f3 Specify the following values: 


+ Admin name and context: The user name and context (in LDAP form) of the 
container administrator user (or non-administrator user) who has the eDirectory 
rights needed to install Novell Cluster Services. 


+ Admin password: The password of the container administrator (or non- 
administrator user). 


9f4 Click Next. 
The install returns to the Novell Open Enterprise Server Configuration page. 


9g On the Novell Open Enterprise Server Configuration page under Novell Cluster Services, 
click the disabled link to enable configuration. 


The sentence changes to Configuration is enabled. 
9h Click the Novell Cluster Services link to open the Novell Cluster Services Configuration page. 
gi 


Click Existing Cluster, specify the fully distinguished name (FDN) of the cluster, then click 
Next. 


IMPORTANT: Use the comma format illustrated in the example. Do not use dots. 


This is the name and eDirectory context of the cluster that you are adding this server to. 


9j Select the IP address that Novell Cluster Services will use for this node. 


— 


Some servers have multiple IP addresses. This step lets you choose which IP address Novell 
Cluster Services uses. 


9k Deselect Start Services Now. 
91 Click Next, then continue through the rest of the OES installation. 


9m After the install is complete, use the Software Updater (or other update methods) to install 
any patches from the OES 2 Linux patch channel and any EVMS patches from the SUSE 
Linux Enterprise Server 10 SP4 or later patch channel. 


10 If you have a shared disk system on the cluster, enter sbdutil -f at the Linux terminal console 
to verify that the node can see the cluster (SBD) partition on the SAN. 


sbdutil -f also tells you the device on the SAN where the SBD partition is located. 
11 Reboot the operating system. 


12 (Optional) Manually migrate the resources that were on the old server nodes to this Linux 
server. 
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Some cluster resources for services on NetWare cannot be used on Linux. For information, see 
Chapter 2, “Planning the Cluster Conversion,” on page 11. 


The resources can automatically fail back if all of the following apply: 
+ The failback mode for the resources was set to Auto. 


+ You used the same node number for this Linux server that was used for the former NetWare 
server. 


This only applies if this Linux server is the next server added to the cluster. 


¢ This Linux server is the preferred node for the resources. 


5.2 Adding New OES 2 Linux Nodes to Your NetWare Cluster 


You can add new OES 2 Linux cluster nodes to your existing NetWare 6.5 cluster without bringing 
down the cluster. 


1 Before you add the first Linux node to the NetWare cluster, if the NetWare cluster uses an SBD, 
ensure that the device (or devices) being used by the SBD are marked as Shareable for Clustering. 


You can use NSSMU or iManager to mark the SBD devices as shareable. It is not necessary to 
bring the cluster down when changing the device attribute to Shareable for Clustering. 


Using NSSMU: 
la Log in to the master node of the NetWare cluster as the administrator user. 
1b Enter nssmu at the server console prompt. 
1c In the NSSMU main menu, select Devices. 


1d In the Devices list, highlight the device that contains the SBD partition, then press F5 to 
select it. 


le Press F6 to mark the device as Shareable for Clustering. 


1f If the SBD partition is mirrored, repeat Step 1d and Step 1e to also mark the mirror device 
as Shareable for Clustering. 


1g Press Esc to exit NSSMU. 


2 Install OES 2 Linux on the new node, but do not install the Novell Cluster Services option from 
OES Services at this time. 


See the “OES 2 SP3: Installation Guide” for more information. 
3 Set up and verify SAN connectivity for the new OES 2 Linux node. 

Consult your SAN vendor documentation for SAN setup and connectivity instructions. 
4 Install Novell Cluster Services on the OES 2 Linux node. 
5 After the install, add the server to the NetWare cluster: 


For detailed instructions, see “Adding a Node to an Existing Cluster” in the OES 2 SP3: Novell 
Cluster Services 1.8.8 Administration Guide for Linux. 


5a Log in to the OES 2 Linux server as the root user. 
5b In YaST, select Open Enterprise Server > OES Install and Configuration. 


5c On the Software Selection page under OES Services, verify that Novell Cluster Services is 
selected, then click Accept to continue to the configuration. 


Services that you have already installed are indicated by a blue check mark in the status 
check box next to the service. 
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5d On the Software Configuration page, enable Novell Cluster Services configuration, then 


5e 


5f 


5g 


5h 


Si 


click the Novell Cluster Services link. 


When you are prompted, enter the credentials of the LDAP administrator that is configured 
for the server. 


On the Novell Cluster Services Configuration page, add the server to the existing NetWare 
cluster, then click Next. 


Parameter Action 
New or Existing Cluster Select Existing Cluster. 
Cluster FDN Browse to select the Cluster object for the 


NetWare cluster, or type the cluster fully 
distinguished name. 


For example: 


cn=nwcluster,ou=clusters,o=mycompany 


On the Proxy User Configuration page, specify one of the following users as the NCS Proxy 
user, then click Next. 


+ OES Common Proxy User: If the OES Common Proxy User is enabled in eDirectory, 
the Use OES Common Proxy User check box is automatically selected and the NCS Proxy 
User Name and Specify NCS Proxy User Password fields are populated with the 
credentials of the OES Common Proxy User. 

+ LDAP Admin User: If the OES Common Proxy User is disabled in eDirectory, the Use 
OES Common Proxy User check box is automatically deselected and the NCS Proxy User 
Name and Specify NCS Proxy User Password fields are populated with the credentials of 
the LDAP Admin user. The fields are also automatically populated with the LDAP 
Admin credentials if you deselect the Use OES Common Proxy User check box. 


+ Another Administrator User: Deselect the Use OES Common Proxy User check box, 
then specify the credentials of an administrator user. 


You can reset the default settings by clicking Back to return to the Novell Cluster Services 
Configuration page, then clicking Next to continue again to the Proxy User Configuration 
page. 

On the Configuration page, specify the following parameters, then click Finish. 


Parameter Action 
IP address of this node If the server has multiple network adapters, 


select the IP address that Novell Cluster Services 
will use for this node. 


Start Cluster Services now Deselect the check box. You will start Novell 
Cluster Services software on this node manually 
for the conversion process. 


On the OES Server Configuration page, scroll down to the Novell Cluster Services entry to 
review the summary of the Cluster Services configuration, then click Next. 
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Wait while Novell Cluster Services is configured. 


5j After the configuration is completed, click Finish to exit the OES Configuration page, then 
exit YaST. 


6 If you have a shared disk system on the cluster, enter sbdutil -f at the Linux terminal console 
to verify that the node can see the cluster (SBD) partition on the SAN. 


sbdutil -f will also tell you the device on the SAN where the SBD partition is located. 

7 Start cluster software by going to the /etc/init.d folder and running novell-ncs start. 
You must be logged in as root to run novell-ncs start. 

8 Add and assign cluster resources to the new Linux cluster node. 


For information, see “Configuring Preferred Nodes for a Resource” in the OES 2 SP3: Novell 
Cluster Services 1.8.8 Administration Guide for Linux. 


5.3 Removing NetWare Nodes from the Cluster 


After your OES cluster nodes are set up and resources have been migrated to them from the NetWare 
nodes, you are ready to remove the NetWare nodes from the cluster. 


To remove the NetWare nodes from the cluster: 


1 Log in to the NetWare node as the administrator user. 


2 Check the cluster status and verify that all cluster resources have been migrated to the Linux 
nodes. 


cluster status 
3 Remove the NetWare node from the cluster by entering 
cluster leave 


4 Stop Novell Cluster Services from running on the NetWare node by entering 


uldncs 
5 Remove the node’s Cluster Node object and the NCS attributes from its Server object. 


5a Ina Web browser, open iManager, then log in to the Novell eDirectory tree that contains the 
node you want to manage. 


IMPORTANT: Log in as an administrator user who has sufficient rights in eDirectory to 
delete and modify eDirectory objects. 
5b Delete the node’s Cluster Node object from the cluster container: 
5b1 Select Directory Administration > Delete Objects. 
5b2 Browse to the Cluster container (§*) of the cluster, locate and select the Cluster Node 
object (P) for the NetWare node in the container, then click OK. 


5b3 On the Delete Objects page, click OK, then click OK again to confirm the deletion of the 
Cluster Node object. 


5c Select Directory Administration > Modify Object, select the NetWare node’s Server object, 
remove its NCS attributes, then click OK to save and apply your changes. 


6 Repeat this process to remove each of the remaining NetWare nodes in the cluster. 
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5.4 


Finalizing the Cluster Conversion 


After you have converted all nodes in a former NetWare cluster to OES 2 Linux, you must finalize the 
conversion process by issuing the cluster convert command on one Linux cluster node. The 
cluster convert command moves cluster resource load and unload scripts from the files where 
they were stored on Linux cluster nodes into eDirectory. This enables a Linux cluster that has been 
converted from NetWare to utilize eDirectory like the former NetWare cluster. 


WARNING: After you finalize the cluster conversion, rollback to NetWare is not supported. All of 
the scripts for the NetWare nodes are deleted and are no longer available. 


To finalize the cluster conversion: 
1 Run cluster convert preview resource_nameat the terminal console of one Linux cluster 
node. 


The preview option lets you view the resource load and unload script changes that will be made 
when the conversion is finalized. Replace resource_name with the name of a resource that you 
want to preview. 


Beginning in OES 2 SP3, you can preview the information for all cluster resources by issuing the 
command without specifying a resource name. 


cluster convert preview 


2 Runcluster convert commit at the terminal console of one Linux cluster node to finalize the 
conversion. 


The cluster convert commit command generates or regenerates the cluster resource 
templates that are included with Novell Cluster Services for Linux. In addition to generating 
Linux cluster resource templates, this command deletes all NetWare cluster resource templates 
that have the same name as Linux cluster resource templates. 


The cluster resource templates are automatically created when you create a new Linux cluster, 
but are not created when you convert an existing NetWare cluster to Linux. 


3 Update the cluster configuration on all nodes by running the cluster configuration daemon. 
Enter the following command as the root user on every node in the cluster: 


/opt/novell/ncs/bin/nes-configd.py -init 


This removes the NetWare nodes from the list of nodes in the cluster so they are not displayed in 
iManager. 
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Novell AFP 


Novell Apple Filing Protocol (AFP) for Linux is available beginning in OES 2 SP1 Linux. 


After you set up Novell AFP on the Linux node and before you finalize the NetWare-to-Linux 
conversion, use the AFP function in the Migration Tool to convert the configuration. For information, 
see “Migrating AFP from NetWare to OES 2 SP3 Linux ” in the OES 2 SP3: Migration Tool 
Administration Guide. 


The commands in the scripts are also different. After the migration, modify the load and unload 
scripts on the Linux server. For information, see Section 4.6, “Comparing File Access Protocol 
Resource Script Commands,” on page 26. 


AFP on Linux supports NCP cross-protocol file locking, which allows NCP, AFP, and CIFS users to 
access files on an NSS volume concurrently without data corruption by locking the files across 
protocols. On Linux, the cross-protocol file locking parameter for NCP Server is disabled by default. 
It must be enabled on each node in the cluster if you plan to give both NCP users and AFP users 
access to NSS volume in the cluster. See “Configuring Cross-Protocol File Locks for NCP Server” in 
the OES 2 SP3: NCP Server for Linux Administration Guide. 
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1.1 


Apache HTTP Server 


The Apache HTTP Server is an open source Web server developed by the Apache Software 
Foundation (http://www.apache.org). On a Novell Open Enterprise Server (OES) 2 SP3 cluster, you 
can use Novell Cluster Services to cluster the Web content for your personalized Web sites. The 
Apache service is not cluster aware and must run on each server in the cluster. 


This section describes key considerations for configuring the Apache virtual hosts for your 
personalized Web sites. The scripts for your existing Apache cluster resources and the resource’s 
node preferences must be manually modified to use Apache commands for Linux when you convert 
a cluster from NetWare to Linux. 


è Section 7.1, “Prerequisites for Reusing NetWare Apache Cluster Resources on Linux,” on 
page 39 

¢ Section 7.2, “Using Apache HTTP Server on OES Servers,” on page 40 

+ Section 7.3, “Converting the Apache Cluster Resource,” on page 52 

+ Section 7.4, “Troubleshooting the Apache HTTP Server,” on page 53 


è Section 7.5, “Additional Information,” on page 54 


Prerequisites for Reusing NetWare Apache Cluster 
Resources on Linux 


The following setup is required to reuse the Apache cluster resources from your NetWare cluster: 


¢ When you install OES services on the server, Novell-ready versions of Apache 2 (64-bit) and 
Tomcat 5 are automatically installed and configured. You manually manage Apache services 
with the Apache configuration files. Use a text editor to create or modify the configuration files, 
then gracefully restart the Apache HTTP Server daemon (rcapache2 graceful) to apply the 
changes. 


WARNING: Do not install the Linux Web and LAMP pattern. Do not use the HTTP Server option 
in YaST to configure Apache or virtual host settings on an OES server. It overwrites essential 
OES settings for Apache and breaks the existing setup. For recovery information, see 

Section 7.4.1, “Apache Server Errors after Using the HTTP Server Option in YaST,” on page 53. 


+ To reuse an NSS pool cluster resource that contains your Web content, you must install Novell 
Storage Services for Linux on each OES node in the cluster. For information, see “Installing and 
Configuring Novell Storage Services” in the OES 2 SP3: NSS File System Administration Guide for 
Linux. 


¢ If you host multiple Web sites on a single server on NetWare, you must configure an Apache 
virtual host for each Web site on one OES node, then copy the configuration files to every OES 
node in the cluster. For information, see Section 7.2.3, “Creating and Configuring a Virtual Host 
for Each Web Site,” on page 43. 
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+ Ina Novell Cluster Services cluster, the directories you specify in the DocumentRoot directive 
and any Alias directives for a virtual host should reside on the same cluster resource so they 
can fail over together. The location that contains the Web content should be a directory on the 
volume, not the root of the volume. Specify the full Linux path of the directory. Linux paths are 
case-sensitive. 


For example, Novell Cluster Services scripts assume that the pool’s volumes are mounted in the 
default NSS location of /media/nss/<volume_name>. The full Linux path of the /www/mysite 
path on an NSS volume APACHEVOL is 


/media/nss/APACHEVOL/www/mysite 
¢ The following permissions are required: 


¢ The user wwwrun must be the file owner of the Web site directories and files. The group can 
be the system root or the Apache group www. 


+ If Web content resides on an NSS volume, the following additional permissions are 
required: 


¢ Enable the eDirectory user wwwrun and group www with Linux User Management 
(LUM). OES automatically creates and LUM-enables the user and group when you 
install the first OES server in a Novell eDirectory tree. 


¢ Assign the eDirectory user wwwrun as a file system trustee with Read and File Scan 
rights for the directory you specify in the DocumentRoot directive in the virtual host 
configuration file. 


These permissions are also required for Web content hosted on an NCP-enabled Linux 
volume. 


For information about the default OES setup for Apache and setting up virtual hosts, see Section 7.2, 
“Using Apache HTTP Server on OES Servers,” on page 40. 


7.2 Using Apache HTTP Server on OES Servers 


When you set up OES services on the server, Novell-ready versions of Apache 2 HTTP Server 
software and Tomcat 5 are automatically installed. Apache and the OES Welcome Web site are 
automatically configured for non-secure port 80 and secure port 443. The Apache HTTP Server 
daemon (httpd2) starts automatically on server restart. 


To set up personalized Web sites, you must manually create a virtual host configuration file for each 
Web site. Templates for secure SSL virtual host and non-secure virtual host configuration files are 
available in the /etc/apache2/vhosts.d/ directory. Use a text editor to create or modify the 
configuration files, then gracefully restart the Apache HTTP Server daemon (rcapache2 graceful) 
to apply the changes. 


WARNING: Do not use the HTTP Server option in YaST to configure Apache or virtual host settings 
on an OES server. It overwrites essential OES settings for Apache and breaks the existing setup. For 
recovery information, see Section 7.4.1, “Apache Server Errors after Using the HTTP Server Option in 
YaST,” on page 53. 


¢ Section 7.2.1, “Understanding the Default OES Setup of Apache HTTP Server,” on page 41 
è Section 7.2.2, “Manually Configuring Apache,” on page 42 

+ Section 7.2.3, “Creating and Configuring a Virtual Host for Each Web Site,” on page 43 

+ Section 7.2.4, “Requiring Strong Ciphers,” on page 46 

+ Section 7.2.5, “Configuring an SSL Certificate for the Server,” on page 46 
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è Section 7.2.6, “Configuring Apache to Listen on Multiple Ports,” on page 47 

+ Section 7.2.7, “Configuring Permissions for the Web Site DocumentRoot Directory,” on page 47 
+ Section 7.2.8, “Configuring a Web Location that Requires LDAP Authentication,” on page 49 

è Section 7.2.9, “Starting, Stopping, or Restarting the Apache Daemon,” on page 51 

è Section 7.2.10, “Viewing the Apache Log Files,” on page 51 


7.2.1 | Understanding the Default OES Setup of Apache HTTP Server 


When you install services from the OES Add-On disk, the following Apache setup is configured: 


+ “Apache and Tomcat Installation” on page 41 

+ “Apache HTTP Server Configuration” on page 41 

+ “Apache User wwwrun and Group www” on page 41 

¢ “Virtual Host for the OES Welcome Web Site” on page 42 

¢ “Secure SSL Virtual Host for the Default Web Site” on page 42 

¢ “Secure SSL Virtual Host for the Novell iManager Web Site” on page 42 


Apache and Tomcat Installation 


Novell-ready versions of Apache 2 HTTP Server software and Tomcat 5 are automatically installed 
when you set up OES services on a server. OES installs the Apache prefork mode or worker mode 
packages, depending on the OES services you install. If OES installs Apache Prefork packages, 
Apache should run in prefork mode rather than worker mode. OES sets the preference for Prefork 
mode with the APACHE _MPM="prefork" directive in the /etc/sysconfig/apache2 global Apache 
configuration file. 


Apache HTTP Server Configuration 


OES configures Apache settings in the /etc/sysconfig/apache2 global configuration file and the / 
etc/apache2/conf.d/oes_httpd.conf configuration file. 


The /etc/sysconfig/apache2 configuration file controls some global settings of Apache, such as 
modules to load, additional configuration files to include, server flags to apply when the Apache 
HTTP Server daemon (httpd2) is started, and flags that should be added to the command line. 


Apache User wwwrun and Group www 


Apache uses the user wwwrun identity to serve files to clients of your Web site. OES and Apache 
configure the following during the OES installation: 


¢ The Apache installation creates a local group www and user wwwrun on the server. 


You configure the user wwwrun as the file owner of the Web site’s main directory and files. 


+ OES creates the group www and the user wwwrun in Novell eDirectory when you install an OES 
server in an eDirectory tree for the first time. The user wwwrun is added as a member of the group 
www. The user novlxsrvd is also created and added to the group www. 
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7.2.2 


+ OES enables the group www and its member users (wwwrun and novlxsrvd) for Linux with Linux 
User Management (LUM). 


If your Web site is hosted on an NSS volume or an NCP-enabled Linux volume, you must assign 
the eDirectory user wwwrun as a file system trustee of the Web site’s main directory, and give the 
trustee Read and File Scan rights. 


For information about changing the file owner or configuring a file system trustee, see Section 7.2.7, 
“Configuring Permissions for the Web Site DocumentRoot Directory,” on page 47. 


Virtual Host for the OES Welcome Web Site 


OES automatically configures the OES Welcome Web site in the /etc/opt /novell/httpd/cont .d/ 
welcome-apache.conf file. Listening is set up on port 80 in the /etc/apache2/listen.conf file. 
Port 80 is opened in the firewall. The Apache HTTP Server daemon (ht tpd2) starts automatically on 
server restart. 


Apache serves the Welcome page for the OES server at 


http://<server_dns_or_ip_address> 


Secure SSL Virtual Host for the Default Web Site 


OES automatically configures a default secure virtual host (_default_:443) in the /etc/apache2/ 
vhost .d/vhost-ssl.conf file. It sets up listening on port 443 in the /etc/apache2/listen.conf 
file. It opens port 443 in the firewall. The default virtual host configuration is automatically loaded 
first. It is also used when a domain name does not match a virtual host configuration. The default 
virtual host defines a custom log /var/log/apache2/ssl_request_log to capture events for SSL 
requests. An Include directive in the /etc/apache2/vhost .d/vhost-ssl.conf file automatically 
loads the virtual hosts that are defined in the /etc/opt/novell/httpd/sslconf.d/*.conf files. 


Secure SSL Virtual Host for the Novell iManager Web Site 


If you install Novell iManager on an OES server, the iManager installation automatically configures a 
secure virtual host for iManager and Novell Portal Services (NPS) in the /etc/opt /novel1/ 
iManager/nps-Apache.conf file. A symbolic link in the /etc/opt/novell/httpd/sslconf.d/ 
directory points to the nps-Apache.conf file. This allows the virtual host to be automatically 
included along with the default secure virtual host when Apache is restarted. 


Aliases are defined in the nps-Apache. conf file to hit the Web site with any of the following URLs: 
https://<server_dns_or_ip_address>/nps/iManager.html 
https://<server_dns_or_ip_address>/nps 


https://<server_dns_or_ip_address>/iManager.html 


Manually Configuring Apache 


On OES servers and Novell Open Workgroup Suite (NOWS) Small Business Edition (SBE) servers, 
you must manually configure Apache settings, OES virtual hosts, and virtual hosts for your 
personalized Web sites. Use a text editor to create or modify the configuration files, then gracefully 
restart the Apache HTTP Server daemon (rcapache2 graceful) to apply the changes. 
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WARNING: Do not use the HTTP Server option in YaST to manage Apache or the virtual host 
settings on an OES server. It overwrites essential OES settings for Apache and breaks the existing 
setup. For recovery information, see Section 7.4.1, “Apache Server Errors after Using the HTTP Server 
Option in YaST,” on page 53. 


For information about using the configuration files to manage your Apache HTTP Server and virtual 
hosts, see “Configuring Apache Manually” (https://www.suse.com/documentation/sles11/ 
book_sle_admin/data/sec_apache2_configuration.html#sec_apache2_configuration_manually) in the 
SLES 11 Administration Guide (http://www.suse.com/documentation/sles11/book_sle_admin/data/ 
book_sle_admin_pre.html). 


Creating and Configuring a Virtual Host for Each Web Site 


On Linux, the Apache HTTP server can serve multiple universal resource identifiers (URIs) from a 
single instance of Apache running on the server. That is, multiple Web sites, such as 
www.example.com and www.example.net, can be run from a single Web server. Each Web site is 
referred to as a virtual host. Virtual hosts can be name based, IP based, or port based. 


You can set up personalized Web sites by manually creating a virtual host configuration file for each 
Web site. Templates for secure SSL virtual host and non-secure virtual host configuration files are 
available in the /etc/apache2/vhosts.d/ directory. 


When you cluster-enable the Web content by using Novell Cluster Services, use the IP address of the 
cluster resource for the virtual host. This ensures that the Web site traffic is directed to the cluster 
node where the Web content cluster resource is currently active. Do not use the server node’s IP 
address or the master IP address of the cluster. Specify the Linux file path to the Web content. 


On OES servers, you create and configure a separate virtual host configuration file for each Web site 
that you want to host in the cluster. The following procedure provides basic information about 
setting up the file. Refer to other sections in this document to learn about the key settings that are 
available. For detailed information, see the Apache Virtual Host documentation Web site (http:// 
httpd.apache.org/docs/2.2/vhosts/). 

1 Choose an OES node in the cluster, then log in as the root user. 

2 Create a copy of the virtual host template file in the /etc/apache2/vhosts.d/ directory. 


The /etc/apache2/vhosts.d/ directory contains a basic template (vhost . template) for a non- 
secure virtual host and an SSL template (vhost -ssl.template) for a secure virtual host. 


3 Rename the file with a name for your virtual host, and add the .conf file extension, such as 
mysite-Apache.conf. 


4 Open the virtual host file in a text editor and configure the virtual host settings for your 
personalized Web site: 


4a If the Web content is clustered with Novell Cluster Services, set the VirtualHost directive 
to the IP address or DNS host name assigned to the cluster resource: 


<VirtualHost hostname> 


For example, if the DNS name is mysite.example.com, specify mysite as the 
VirtualHost. 


<VirtualHost mysite> 


4b Set the value of the DocumentRoot directive to the Linux path of the directory where you 
placed your Web content, and specify the directory options for this location. 
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The target directory must contain an index.html file, which is the root document for the 
virtual host. Specify the Linux path to the directory. For example, if you place your Web 
content in an NSS volume path APACHEVOL: \www\mysite, the Linux path is /media/nss/ 
APACHEVOL/www/mysite 


DocumentRoot "/media/nss/APACHEVOL/www/mysite" 


<Directory "/media/nss/APACHEVOL/www/mysite"> 
# Possible options are "None", "All" or any combination of: 
# Indexes Includes FollowSymLinkx SymLinksifOwnerMatch ExecCGI MultiViews 


Options Indexes MultiViews 

AllowOverride None 

Order allow,deny 

Allow from all 
</Directory> 


4c Configure the host settings as desired for other directives in the file. 
The minimum settings for a non-secure Web site are shown in the following example: 
<VirtualHost mysite> 
DocumentRoot "/media/nss/APACHEVOL/www/mysite" 


ServerAdmin mysite-admin@example.com 
ServerName mysite.example.com 


ErrorLog /var/log/apache2/error_log 
TransferLog /var/log/apache2/access_log 
#CustomLog /var/log/apache2/mysite.example.com-access_ log combined 


HostnameLookups On 
UseCanonicalName On 
ServerSignature Off 


<Directory "/media/nss/APACHEVOL/www/mysite"> 
# Possible options are "None", "All" or any combination of: 
# Indexes Includes FollowSymLinkx SymLinksifOwnerMatch ExecCGI MultiViews 


Options Indexes MultiViews 

AllowOverride None 

Order allow,deny 

Allow from all 
</Directory> 


</VirtualHost> 


4d (Optional) Specify alias paths in the virtual host configuration file. 


For example, specify an alias for a Support Web location that has a support directory at the 
same level as mysite. Include the Alias and Directory directives before the </ 
VirtualHost > close tag. 


Alias /support "/media/nss/APACHEVOL/www/support" 
<Directory "media/nss/APACHVOL/www/support"> 
Options Indexes MultiViews 
AllowOverride None 
Order deny, allow 
Allow from all 
</Directory> 


For information about alias paths that require LDAP authentication, see Section 7.2.8, 
“Configuring a Web Location that Requires LDAP Authentication,” on page 49. 


4e Save the virtual host configuration file. 
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5 (Optional) In the /etc/apache2/listen.conf file, add a Listen directive that specifies the IP 
address that you assigned to your cluster-enabled pool, and specify the port to use. 


OES configures Apache to listen on non-secure port 80 by default. It listens for all traffic. 


6 Make the Web sites visible on your network or to the world: 


6a 
6b 
6c 


Add the site name and IP address resolution to your DNS server to make them visible. 
If you use a non-standard port, open the port in the node’s firewall. 


If the traffic is from outside the firewall, open the port in the network firewall. 


7 Gracefully restart the Apache HTTP Server daemon to apply the virtual host configuration: 


rcapache2 graceful 


Each .conf file is automatically included in the Apache configuration when you restart Apache. 


8 Set up the virtual host for each of the remaining nodes: 


8a 
8b 


8c 


8d 


8e 


Log in to the next node as the root user. 


Copy the virtual host configuration file (such as /etc/apache2/vhosts.d/mysite- 
apache. conf) to the next node. 


Create a local Linux path to the Web site that you specified in the DocumentRoot directive 
and to any paths you specified in Alias directives, then make the user wwwrun the owner of 
the directory and its contents. 


When Apache is started or restarted, it looks for the paths specified in your Web site’s 
virtual host configuration file. If a path does not exist, Apache reports an error but it loads 
the virtual host. Users access the site via the IP address or DNS name of the cluster resource, 
so Web content is served only on the node where the resource is active. 


When a cluster resource is not active on a node, the volume subdirectory (such as 
APACHEVOL) in the /media/nss directory is normally removed, and the path to the Web site 
does not exist. Creating the local path allows Apache to find the path even when the 
resource is not active on the node, and no error is reported when Apache loads. When the 
resource is taken offline, NSS does not remove the volume directory because it is now non- 
empty (it contains the local paths you create). The local path should not contain files. To add 
or remove Web content files, access the NSS volume via the IP address of the cluster 
resource. 


Enter the following commands for the Web site path and alias paths. The chown command 
changes the group to the Apache www group unless the group is the root user. 


mkdir -p /media/nss/<volume_name>/<path> 
chown wwwrun:www /media/nss/<volume_name>/<path> 
For example, enter 
mkdir -p /media/nss/APACHEVOL/www/mysite 
chown wwwrun:www /media/nss/APACHEVOL/www/mysite 


mkdir -p /media/nss/APACHEVOL/www/support 


chown wwwrun:www /media/nss/APACHEVOL/www/support 


Open a terminal console as the root user, then gracefully restart Apache: 


rceapache2 graceful 


Repeat these steps on each of the remaining nodes in turn. 
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1.2.4 


7.2.9 


IMPORTANT: Any time that you make changes to the virtual host configuration file, you must copy 
the modified file to every node in the cluster, and gracefully restart Apache on each node. 


Requiring Strong Ciphers 


We recommend that you secure your Web solution by requiring strong ciphers when the client is 
negotiating the connection in the SSL handshake. 


We recommend that you enable only the strongest ciphers: RSA, HIGH, and SSLv2. 
To enable strong ciphers and disable weak ciphers: 


1 Ina text editor, modify the /etc/apache2/vhosts.d/vhost-ssl.conf file to require strong 
ciphers. Modify the default settings by placing a plus sign (+) before RSA, HIGH, and SSLv2, 
and placing an exclamation mark (!) before the weaker ciphers: 


# SSL Cipher Suite: 
SSLCipherSuite ALL: !ADH: !EXPORT56:RC4+RSA:+HIGH: !MEDIUM: !LOW:+SSLv2: ! EXP: !eNULL 


2 Gracefully restart Apache on the server: 


rceapache2 graceful 


3 Repeat this process on every Linux node in the cluster. 


You can alternatively copy the Apache SSL configuration file (/etc/apache2/vhosts.d/vhost - 
ssl.conf) to every Linux node in the cluster, and then restart Apache. 


Configuring an SSL Certificate for the Server 


OES automatically configures secure SSL communications for a default virtual host 
(_default_:443). SSL is enabled in the Apache global configuration file (/etc/sysconfig/apache2) 
with the following directive: 


APACHE SERVER_FLAGS="SSL" 


The default SSL configuration is defined in the /etc/apache2/vhosts.d/vhost-ssl.conf file. It 
uses an INCLUDE directive for the /etc/opt /novell/httpd/sslconf.d/*.conf files. This target 
directory contains the configuration files (or symbolic links to them) for OES virtual hosts that 
require SSL, such as the nps-Apache. conf file that is used for the Novell iManager tool. 


By default, OES sets up an SSL certificate file and key file for the server by using certificates 
generated in Novell eDirectory. Table 7-1 identifies the location of the SSL certificate and key files that 
are referenced by the SSLCertificateFile and SSLCertificateKeyFile directives in the /etc/ 
apache2/vhosts.d/vhost-ssl.conf file. 


Table 7-1 Default OES Server Certificates 


OES Server Certificate File Location 
SSL Certificate File /etc/ssl/servercerts/servercert.pem 
SSL Certificate Key File /etc/ssl/servercerts/serverkey.pem 


IMPORTANT: If you use SSL, set up a server certificate for each virtual host unless you use a 
wildcard certificate. 
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If you modify the content or location of the certificate and key files, gracefully restart the Apache 
HTTP Server daemon (rcapache2 graceful) to apply the new values. 


Configuring Apache to Listen on Multiple Ports 


The Listen directive in the /etc/apache2/listen.conf file tells the Apache HTTP Server to accept 
incoming requests on the specified port or an address-and-port combination. If the directive specifies 
only a port, the server listens to the given port on all interfaces. If the directive specifies an IP address 
and port combination, the server listens on the given port and network interface. 


By default, OES configures Apache to listen on non-secure port 80 and secure port 443 in the /etc/ 
apache2/listen.conf file. If a firewall is used on the server, port 80 and port 443 are automatically 
opened in the firewall. The ports are not bound to a particular IP address, so Apache responds to 
requests on all IP interfaces on the server. 


Listen 80 


<IfDefine SSL> 
<IfDefine !NOSSL> 
<IfModule mod_ssl.c> 
Listen 443 
</IfModule> 
</IfDefine> 
</IfDefine> 


You can configure multiple Listen directives to specify multiple IP addresses and ports. The server 
responds to requests from any of the listed addresses and ports. For information about formats and 
options for the Listen directive, see the Listen Directive (http://httpd.apache.org/docs/2.2/mod/ 
mpm_common.htmlf#listen) in the Apache MPM Common Directives collection. 


If you configure non-standard ports for your personalized Web sites, you must add a Listen 
directive in the /etc/apache2/listen.conf file, then gracefully restart the Apache HTTP Server 
daemon (rcapache2 graceful) to apply the changes. Ensure that you open the port in the firewall. 


Configuring Permissions for the Web Site DocumentRoot Directory 


Apache uses the user wwwrun identity to serve files to clients of your Web site. You must configure 
permissions for the Web site content that allow Apache to serve the files to client users. 


¢ “Setting the User wwwrun as the Owner of the Web Site’s Directory and Files” on page 47 


¢ “Setting User wwwrun as a File System Trustee of the Web Site’s Directory” on page 48 


Setting the User wwwrun as the Owner of the Web Site’s Directory and Files 


The user wwwrun must be the file owner of the Web site’s main directory and files. 


1 Log in as the root user, and open a terminal console. 


2 Change directory to go to the directory that contains the main directory of your Web site. This is 
the directory you specify as the DocumentRoot in the virtual host configuration file. 


For example, if the DocumentRoot is /media/nss/APACHEVOL/www/mysite, enter 


cd /media/nss/APACHEVOL/www 


3 Change the owner of the Web site’s directory and files to user wwwrun. Enter: 
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chown -R wwwrun:www mysite 


This recursively modifies the owner to user wwwrun for the directory and the subdirectories and 
files it contains. It changes the group to www unless the group is set to the root user. 


4 Ina file browser, view the directory’s properties to verify that the owner was changed. 


mysite Properties 


Open With Notes | Share | 


| Basic | Emblems | Permissions 


File owner: | wwwun - WWW daemon apache a | 
File group: | root = | 
Owner: [g] Read [V] Write [¥| Execute 
Group: <) Read [V] Write [¥| Execute 
Others: [g] Read [| Write [V] Execute 
Special flags: |_| Set user ID 
g Set group ID 


[C] Sticky 


Text view: drwxrwxrwx 
Number view: 777 


Last changed: Fri Apr 5 19:18:00 2013 


[ Ou | Xam | 


You can also use the 1s -al <path> command to list the directory and view the owner, group, 
and permissions. 


Setting User wwwrun as a File System Trustee of the Web Site’s Directory 


OES automatically creates the user wwwrun and group www in Novell eDirectory. Both are LUM- 
enabled. You can verify their configuration by using the Directory Administration option and Linux 
User Management option in Novell iManager. 


If your Web site is hosted on an NSS volume or an NCP-enabled Linux volume, you must assign the 
eDirectory user wwwrun as a file system trustee of the Web site’s main directory, and give the trustee 
Read and File Scan rights. You can also set the www group as a trustee with Read and File Scan rights. 
1 Log in to Novell iManager as an administrator user. 
2 Inthe iManager toolbar, click the View Objects icon. 


3 In the Tree view, select the volume, then browse the file system to locate the directory that 
contains your Web site’s content. 


4 Select the check box next to the directory, then select Actions > Properties. 
5 On the Properties page, select Rights. 
6 Click the Add Trustee browse icon to open the Object Selector. 


7 Locate and select the user wwwrun, then click OK. 
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The user wwwrun is added as a trustee with the default Read and File Scan rights. 


Properties: 
Files and Folders 
Information | Gru | Inherited Rights 
Trustees SOR W C E ne eee 
[X] wwwrun.novell O A A 4 O} 
| 
| 
Add Trustee: | (@ fa [a] 


Inherited Rights Filter 


Uncheck to filter rights inherited from parent directories 


x! Supervisor ~ Read x! Write ~ Create 
\¥) Erase “| Modify v] FileScan ~) Access Control 
OK |__ Cancel | Apply | _ _ Refresh | 


8 Click Apply or OK to save the changes. 


Configuring a Web Location that Requires LDAP Authentication 


If you have documents or a location that requires restricted Web access, you can set up Apache to 
enforce eDirectory authentication and force the authentication to be done over https. This solution 
can be used on individual directories, URLs, or the entire Apache server. 


The following example creates a single secure location so that any document that is referenced under 
the directory requires authentication. For example, the URL www.example.com can have public 
access, while the URL www.example.com/secure and documents it contains require authentication. 
Authentication should be done over a secure connection (https) rather than a non-secure connection 
(http). All http attempts are redirected to https for the given location. 


1 Ensure that the rewrite module is enabled in the /etc/sysconfig/apache2 global 
configuration file. OES enables this module by default. 


Open the /etc/sysconfig/apache2 file in a text editor, and verify that rewrite is listed in the 
modules defined in the APACHE_MODULES directive. 


2 Configure the permissions for the user wwwrun on the target directory: 


2a Change the owner to the Apache user wwwrun: 


chown -R wwwrun:www /media/nss/APACHEVOL/www/secure 
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This changes the group to the Apache group www unless the group is the root user. 


2b For an NSS volume or an NCP-enabled Linux volume, configure the user wwwrun as a file 
system trustee of the /media/nss/APACHEVOL/www/secure directory, and give the trustee 
Read and File Scan rights. 


For information, see “Setting User wwwrun as a File System Trustee of the Web Site’s 
Directory” on page 48. 
3 Ina text editor, create a copy of the /etc/apache2/vhosts.d/vhosts-ssl.template file to 
create a secure.conf configuration file. 


4 Allow for all http requests for the /secure alias to be redirected to https. Add the following 
directives to the secure.conf file: 


RewriteEngine On 
RewriteRule */secure https://%{SERVER_NAME}/secure [L,R] 


5 Ifthe location that contains secure information exists outside the DocumentRoot directory, create 
an alias to the directory. Add the following line to the secure. conf file: 


Alias /secure "/<path_to_directory>/secure" 


For a cluster resource, the secure directory ideally resides on the same clustered volume as the 
Web site, and at the same directory level as DocumentRoot for the Web site: 


Alias /secure "/media/nss/APACHEVOL/www/secure" 


6 Under the Alias directive, add the option for LDAP authentication under the Directory 
directive in the secure . conf file. Specify the IP address or DNS name of the Web site’s cluster 
resource. 


<Directory “media/nss/APACHVOL/www/secure” > 

Options Indexes MultiViews 

AllowOverride None 

Order deny,allow 

Allow from all 

AuthType Basic 

AuthName "Protected" 

require valid-user 

AuthLDAPAuthoritative On 

AuthLDAPURL ldaps://<cluster_resource_ip_address_or_dns_name>/o=corp?uid?sub 
</directory> 


7 Save the /etc/apache/vhosts.d/secure.conf file. 


8 Open a terminal console as the root user, then gracefully restart the Apache daemon: 
rcapache2 graceful 
9 Verify that Apache is able to start. 


If there are errors, make corrections in the configuration file, then restart the Apache daemon. 


10 Ina Web browser, go to the Web site with http and verify that you are redirected to https, and 
that you can authenticate against the /secure alias. 
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Starting, Stopping, or Restarting the Apache Daemon 


The Apache HTTP Server program runs as a daemon (ht tpd2) that executes continuously in the 
background to handle requests. OES configures the daemon to start automatically on system restart. 
You must restart Apache to apply any changes you make to the Apache or virtual host configuration 
files, or to add new virtual host configuration files. A graceful restart does not disrupt the service. 


In a cluster, you manually copy the virtual host configuration files for clustered personalized Web 
sites to every node in the cluster. When Apache starts on each node, it reads the configuration file and 
is available to serve the site when the resource is active on the node. You do not add Apache 
commands in the resource’s load and unload scripts. All requests to a clustered Web site are sent to 
the DNS name or IP address of the cluster resource, and not to a specific node. The site’s requests are 
served by the Apache process that runs on the node where the cluster resource is currently active. 


To start, stop, or restart the Apache daemon, use the /usr/sbin/rcapache2 commands in Table 7-2: 


Table 7-2 /usr/sbin Commands 


Command Description 


rceapache2 start Starts the ht tpd2 parent process. The parent process reads its 
configuration files and opens log files, and then spawns the child 
processes to serve hits. 


OES configures the Apache daemon to start automatically on server 
restart. 


rceapache2 stop Causes the parent process to immediately attempt to kill all of its child 
processes. This can take several seconds. The parent exits after all child 
processes have exited. Any requests in progress are terminated, and no 
further requests are served. 


rcapache2 graceful-stop Causes the parent process to advise its child processes to exit after their 
current request (or to exit immediately if they are not serving anything). The 
parent removes its PID file and ceases listening on all ports. The parent 
continues to run, and monitors child processes that are handling requests. 
The parent exits after the child processes complete the pending requests 
and exit, or when a timeout period has elapsed (as specified by the 
GracefulShutdownTimeout). If the timeout is reached, any remaining 
child processes are automatically sent the TERM signal to force them to 
exit, and any requests in progress are terminated. 


rceapache2 restart Causes the parent process to immediately kill its child processes like the 
stop option, but the parent does not exit. It re-reads its configuration files, 
and re-opens any log files. Then it spawns a new set of child processes 
and continues serving hits. 


rcapache2 graceful Causes the parent process to advise the child processes to exit after their 
current request (or to exit immediately if they are not serving anything). The 
parent re-reads its configuration files and re-opens its log files. As each 
child dies, the parent replaces it with a child from the new generation of the 
configuration, which begins serving new requests immediately. 


Viewing the Apache Log Files 


The following Apache log files are located in the /var/log/apache2/ directory: 


access _log 
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error_log 
rcapache2.out 
rewrite log 


ssl_request_log 


You can also specify custom logs by adding the CustomLog directive to your virtual host 
configuration file. For information about formatting the custom log, see Apache Module mod_log_config 
(http://httpd.apache.org/docs/2.2/mod/mod_log_config.html). 


7.3 Converting the Apache Cluster Resource 


Before you convert the Apache Cluster Resource to run on Linux servers, ensure that your servers 
meet the Prerequisites for Reusing NetWare Apache Cluster Resources on Linux. 


1 Configure the virtual hosts for your personalized Web sites on each Linux node in the cluster as 
described in Section 7.2, “Using Apache HTTP Server on OES Servers,” on page 40. 
2 IniManager, offline the NSS pool cluster resource from a NetWare node. 


3 IniManager, modify the load and unload scripts to remove the Apache start and stop 
commands. 


4 IniManager, cluster migrate the cluster resource to a Linux node. The new load script applies 
when the resource loads. 


5 Offline the Apache cluster resource. 


Leave the resource offline until all Linux nodes have been added and the cluster conversion has 
been finalized. 


6 IniManager, set up the preferred nodes for the Apache cluster resource to include only Linux 
nodes in the cluster. 


7 Finalize the steps to complete the cluster conversion, then commit the conversion. 


8 Online the Apache cluster resource. 


cluster online <resource_name> [node_name] 


9 Ina Web browser, access your Web site to ensure that the files are available. 
If you get permission errors, check the following: 


+ The user wwwrun should be set as a file system trustee of the directory that is used as the 
DocumentRoot for the Web site. Assign Read and File Scan rights to the trustee. 


+ The user wwwrun should be set as the file owner of the Web content. 


For information, see Section 7.2.7, “Configuring Permissions for the Web Site DocumentRoot 
Directory,” on page 47. 


10 Cluster migrate the resource to each node in the cluster in turn, and access the Web site from a 
Web browser to ensure the site is accessible from each of its preferred nodes. 


11 Cluster migrate the resource to its most preferred node. 
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7.4.1 


1.4.2 


Troubleshooting the Apache HTTP Server 


This section describes some issues you might experience with Apache HTTP Server and provides 
suggestions for resolving or avoiding them. For additional troubleshooting information, see the 
Novell Technical Support Knowledgebase (http://www.novell.com/support). 


+ Section 7.4.1, “Apache Server Errors after Using the HTTP Server Option in YaST,” on page 53 
è Section 7.4.2, “Files Downloaded from NetStorage Are 0 Bytes,” on page 53 


Apache Server Errors after Using the HTTP Server Option in YaST 


If you use the HTTP Server option in YaST to manage Apache or virtual hosts, the option can 
overwrite essential OES settings and load the wrong modules, which breaks the default Apache 
HTTP Server setup. For information, see TID 7002562 (http://www.novell.com/support/kb/ 
doc.php?id=7002562) in the Novell Knowledgebase. 


If you have used the HTTP Server option in YaST and Apache is no longer working, recover the OES 
default Apache HTTP Server setup by doing the following: 


1 As the root user, open the /etc/sysconfig/apache2 file in a text editor and modify the 
following directives: 


+ Proxy module: In the APACHE MODULES= line in the file, ensure that the proxy module is 
listed before the proxy_ajp module. For example (some modules are not listed for ease of 
reading the example): 


APACHE MODULES="cgi dir rewrite ssl proxy proxy_ajp ssl" 


+ SSL module: In the APACHE MODULES= line in the file, ensure that the ss1 module is listed. 
For example (some modules are not listed for ease of reading the example): 


APACHE MODULES="cgi dir rewrite ssl proxy proxy_ajp ssl" 


¢ Prefork mode: If OES installs Apache Prefork packages, Apache should run in prefork 
mode rather than worker mode. To force this, ensure that the APACHE MPM="" line is set to 
"prefork". For example: 


APACHE MPM="prefork" 
¢ SSL: Ensure secure communications by enabling the SSL flag. For example: 
APACHE SERVER_FLAGS="SSL" 


2 Gracefully restart Apache to apply the changes. As the root user, enter the following command 
at a console prompt: 


rcapache2 graceful 


Files Downloaded from NetStorage Are 0 Bytes 


After you lock down ciphers for an Apache HTTP Server to use only the strongest SSL ciphers, all of 
the files downloaded from NetStorage are 0 bytes in size. 


NetStorage might not work as expected if you lock down Apache HTTP Server to disallow low and 
medium SSL ciphers. Try allowing medium SSL cipher settings to see if that is sufficient, then add 
back low cipher settings if necessary. 


For other SSL cipher configuration options, see SSL/TLS Strong Encryption: How-To (http:// 
httpd.apache.org/docs/2.2/ssl/ss|_howto.html) at Apache.org. 
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7.5 Additional Information 


The latest Apache documentation is available on the Apache HTTP Server Version 2.2 
Documentation Web site (http://httpd.apache.org/docs-2.2/). 
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Novell Archive and Version Services 


On NetWare, Archive and Versioning Services uses a MySQL database. On Novell Open Enterprise 
Server (OES) 2 Linux, it uses a PostgreSQL database. You can migrate the data from the MySQL 
database to the PostgreSQL database on Linux. You must configure a new cluster resource on a 
shared Linux POSIX file system for the PostgreSQL database. 


The load script commands are also different on OES 2 Linux. For information, see “Archive Load and 
Unload Scripts” in the OES 2 SP3: Novell Archive and Version Services 2.1 Administration Guide for Linux. 
¢ Section 8.1, “Prerequisites,” on page 55 


+ Section 8.2, “Copying Database Files from MySQL to PostgreSQL,” on page 55 


Prerequisites 


Mixed-node operations are not supported by Novell Archive and Version Services. Before you begin 
the conversion, ensure that Archive and Version Services is not running on the NetWare servers in 
the cluster. 


Copying Database Files from MySQL to PostgreSQL 


1 Install Archive and Version Services on an OES 2 Linux node in the cluster. 
2 Install Archive and Version Services on a a second OES 2 Linux node in the cluster. 


3 Using database migration tools, migrate the data in the MySQL database on NetWare to the 
PostgreSQL database on of the Linux nodes. 


4 Cluster migrate the shared NSS pool resource that contains the volumes that were being 
archived from the NetWare server to a Linux node. 


5 Remove the NetWare nodes from the cluster and finish the cluster conversion process. 


6 On the OES 2 Linux cluster, set up Archive and Version Services as described in “Configuring 
Archive and Version Service for Novell Cluster Services” in the OES 2 SP3: Novell Archive and 
Version Services 2.1 Administration Guide for Linux. 


7 On the Linux node where the primary NSS pool resources are active, use the Clusters plug-in in 
iManager to create an Archive Versioning cluster resource. 


8 Copy the database files from the single-server location (/var/opt /novell/arkmanager/data) 
to the shared Linux POSIX volume that you created when you set up Archive and Version 
Services for clustering in Step 7. 


Use the cp -a command at a terminal console prompt to copy all files and retain the 
permissions. 


9 Change the ownership of the new database location on the shared volume by entering the 
following at a terminal console prompt: 


chown -R arkuser:arkuser_prggrp /shared/datapath 
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10 Edit the /etc/opt/novell/arkmanager/conf/arkdatadir.conf file to change the database 
location to new shared path. 


11 Edit the /opt/novell/arkmanger/bin/pg_restart.sh file to change the line that starts the 
PostgreSQL database to the following: 


su arkuser -c "postmaster -D /shared/datapath -h 127.0.0.1 -p 5432 -i" 
12 Start Archive and Version Services by entering 


renovell-ark start 


You should see Archive and Version Services and the PostgreSQL database starting. 
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9.1 


eDirectory Server Certificates 


Novell Certificate Server provides two categories of services: Certificate Authority (CA) and Server 
Certificates. The Certificate Authority services include the Enterprise CA and CRL (Certificate 
Revocation List). Only one server can host the CA, and normally that same server hosts the CRLs if 
they are enabled (although if you move the CA to a different server, the CRLs usually stay on the old 
server). The CA and CRL services are not cluster-enabled in either NetWare or OES 2 Linux, and 
therefore, there are no cluster-specific tasks for them. 


Novell Certificate Server provides a Server Certificates service for NetWare and Linux. The service is 
not clustered. However, clustered applications that use the server certificates must be able to use the 
same server certificates on whichever cluster node they happen to be running. Use the instructions in 
the following sections to set up Server Certificate objects in a clustered environment to ensure that 
your cryptography-enabled applications that use Server Certificate objects always have access to 
them. 


The eDirectory Server Certificate objects are created differently in OES 2 Linux and cannot be directly 
reused from the NetWare server. The differences and alternatives for setting up certificates on Linux 
are described in the following sections: 


è Section 9.1, “Server Certificate Changes in OES 2 Linux,” on page 57 
è Section 9.2, “Using Internal Certificates in a Cluster,” on page 58 


+ Section 9.3, “Using External Certificates in a Cluster,” on page 58 


Server Certificate Changes in OES 2 Linux 


When you install NetWare or OES 2 Linux in an eDirectory environment, the Server Certificate 
service can create certificates for eDirectory services to use. In addition, custom certificates can be 
created after the install by using iManager or command line commands. 


For NetWare, all applications are integrated with eDirectory. This allows applications to 
automatically use the server certificates created by Novell Certificate Server directly from eDirectory. 
In a NetWare cluster, you might have copied the Server Certificate objects to all nodes in the cluster 
using backup and restore functions as described in “Server Certificate Objects and Clustering” (http:/ 
/www.novell.com/documentation/crt33/crtadmin/data/a2ebopb.html#acebe5n) in the Novell 
Certificate Server 3.3.2 Administration Guide (http://www.novell.com/documentation/crt33/crtadmin/ 
data/a2ebomw.html). 


For OES 2 Linux, many applications (such as Apache and Tomcat) are not integrated with eDirectory 
and therefore, cannot automatically use the certificates created by Novell Certificate Server directly 
from eDirectory. By default, these services use self-signed certificates, which are not in compliance 
with the X.509 requirements as specified in RFC 2459 and RFC 3280. 
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To address the difference, Novell Certificate Server offers an install option for OES 2 Linux called Use 
eDirectory Certificates that automatically exports the default eDirectory certificate SSL Certificate DNS 
and its key pair to the local file system in the following files: 


/etc/ssl/servercerts/servercert .pem 


/etc/ssl/servercerts/serverkey.pem 


9.2 Using Internal Certificates in a Cluster 


Recent versions of Novell Certificate Server create default certificates that allow you to specify an 
alternative IP address or DNS address by adding it in the Subject Alternative Name extension. This 
requires that your DNS service be configured to reflect the cluster IP/DNS address as the default (or 
first) address. If the DNS service is set up correctly, the cluster applications can use the default 
certificates without needing any administration. 


IMPORTANT: If the DNS service is not set up correctly, then you must use the process described for 
external certificates in “Using External Certificates in a Cluster” on page 58. 


For OES 2 Linux clusters using the internal certificate method, ensure that the DNS service is 
configured to use the cluster IP/DNS address. During the OES 2 Linux install, select the Use eDirectory 
Certificates option so that Novell Certificate Server automatically creates the SSL Certificate DNS 
certificate with the correct IP/DNS address. By selecting the Use eDirectory Certificates option during 
the install and using the cluster IP/DNS address, clustered applications should be able to access the 
certificates without needing further configuration for the Server Certificate object. 


9.3 Using External Certificates in a Cluster 


External (third-party) certificates create a Server Certificate object that includes the cluster's IP and/or 
DNS address. Create a backup of this certificate. For each server in the cluster, create a Server 
Certificate object with the same name by importing the previously created backup certificate and key 
pair to a location on that server. This allows all of the servers in the cluster to use and share the same 
certificate and key pair. After all cluster nodes have the certificate, configure the cluster applications 
to use the server certificate. 


IMPORTANT: This cluster task can also be used for sharing internal certificates on the cluster nodes. 
In early versions of Novell Certificate Server, this was the only option available. 


For information about exporting and using eDirectory Server Certificates for External Services, see 
“Using eDirectory Certificates with External Applications” (http://www.novell.com/documentation/ 
crt33/crtadmin/data/bh9x78f.html) in the Novell Certificate Server 3.3.2 Administration Guide (http:// 
www.novell.com/documentation/crt33/crtadmin/data/a2ebomw.html). 


For OES 2 Linux clusters using the external certificate method, the solution is more complicated than 
for internal certificates. You must create the certificate for each server in the cluster just as you did for 
NetWare. You must also create a configuration on the SAS:Service object for each server so that the 
common certificate is automatically exported to the file system where the non-eDirectory enabled 
applications can use it. 
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Novell CIFS 


Novell CIFS for Linux is available beginning in OES 2 SP1 Linux. 


After you set up Novell CIFS on the Linux node and before you finalize the NetWare-to-Linux 
conversion, use the CIFS function in the Migration Tool to convert the configuration. For information, 
see “Migrating CIFS from NetWare to OES 2 SP3 Linux” in the OES 2 SP3: Migration Tool 
Administration Guide. 


The commands in the scripts are also different. After the migration, modify the load and unload 
scripts on the Linux server. For information, see Section 4.6, “Comparing File Access Protocol 
Resource Script Commands,” on page 26. 


CIFS on OES 2 SP1 Linux does not support NCP cross-protocol file locking. 


Beginning in OES 2 SP2 Linux, CIFS supports NCP cross-protocol file locking, which allows NCP, 
AFP, and CIFS users to access files on an NSS volume concurrently without data corruption by 
locking the files across protocols. On Linux, the cross-protocol file locking parameter for NCP Server 
is enabled by default. It must be enabled on each node in the cluster if you plan to give both NCP 
users and CIFS users access to an NSS volume in the cluster. See “Configuring Cross-Protocol File 
Locks for NCP Server” in the OES 2 SP3: NCP Server for Linux Administration Guide. 


Beginning in OES 2 SP3 Linux, CIFS supports the merged view for Novell Dynamic Storage 
Technology (DST) shadow volumes built with NSS volumes. Wait until the cluster conversion is 
complete before attempting to set up DST shadow volumes in the OES 2 SP3 Linux cluster. 
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11.1 


Novell Distributed File Services VLDB 


The Novell Distributed File Services volume location database (VLDB) . dat file format is the same 
on both NetWare and Linux. The shared NSS volume that contains the .dat file can be cluster 
migrated to the Linux server. 


Use one of these two methods for migrating the VLDB from NetWare to Linux: 


è Section 11.1, “Cluster Migrating the Shared NSS Volume for the VLDB,” on page 61 
¢ Section 11.2, “Adding a Linux Server as a Replica Site,” on page 62 


Cluster Migrating the Shared NSS Volume for the VLDB 


Use this method if you want to use the same shared disk where the VLDB is currently stored. 


1 For each Linux node where you expect to run the VLDB service, install Novell Storage Services 
and any of its dependent services on the Linux node, then add it to the mixed cluster that you 
are converting. 


2 For each of the Linux nodes, assign the node’s nssadmin user as a trustee of the container that is 
configured as the Management Context for the VLDB, and give the user at least the Read and 
Compare rights to the [All Attribute Rights] property. 


IMPORTANT: If the Management Context is configured to use the container that contains a 
node’s Server object, the nssadmin User object for that server is a already a trustee of the 
container and has the Supervisor right. Do not modify the existing rights settings for this 
nssadmin User object when you add rights for the [A11 Attribute Rights] property. 

2a In iManager, select Rights > Modify Trustees. 

2b Select the container that is configured as the Management Context, then click OK. 

2c Click Add Trustee, select the nssadmin User object, then click OK. 


The nssadmin User object is in the same container as its server. The user name format is 
serunameadmin.context. For example, if the server name is server1 .oul .mycompany, then 
serverladmin.ou1.mycompany is the nssadmin user name. 


2d Click Assigned Rights for the selected nssadmin User object. 
2e Assign the Read and Compare rights to the [All Attribute Rights] property, then click Done. 
2 


2g Repeat Step 2c through Step 2f for each of the Linux nodes where you expect to run the 
VLDB service. 


3 Cluster migrate the DFS cluster resource from NetWare to Linux. 


> 


Click Apply to save and apply the changes. 


4 On the Linux node where the VLDB is active, offline the DFS cluster resource. 


5 Remove the NetWare clusters from the cluster by using the cluster leave command, then 
finish the cluster conversion. 
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This automatically updates the basic cluster commands in the cluster resource scripts. 


6 Using the Clusters plug-in in iManager, modify the load script of the DFS cluster resource to 
change the vldb command to the Linux format. For example, change it from 


vldb /dir=vldbpath 
to 
vldb -dir /vldbpath 


7 Online the cluster resource. 


8 Run a VLDB repair to ensure that the database is correct. 


11.2 Adding a Linux Server as a Replica Site 


Use this method if you want to use a different shared disk for the VLDB on Linux. You can do this by 
adding a DFS replica site on Linux. 


1 Install OES 2 Linux on the server that you want to add to the cluster. Ensure that Novell Storage 
Services and any of its dependent services are installed. 


2 Assign the node’s nssadmin user as a trustee of the container that is configured as the 
Management Context for the VLDB, and give the user at least the Read and Compare rights to the 
[All Attribute Rights] property. 


IMPORTANT: If the Management Context is configured to use the container that contains a 
node’s Server object, the nssadmin User object for that server is a already a trustee of the 
container and has the Supervisor right. Do not modify the existing rights settings for this 
nssadmin User object when you add rights for the [All Attribute Rights] property. 


2a In iManager, select Rights > Modify Trustees. 
2b Select the container that is configured as the Management Context, then click OK. 
2c Click Add Trustee, select the nssadmin User object, then click OK. 


The nssadmin User object is in the same container as its server. The user name format is 
serunameadmin.context. For example, if the server name is server1 .oul .mycompany, then 
serverladmin.ou1.mycompany is the nssadmin user name. 


2d Click Assigned Rights for the selected nssadmin User object. 
2e Assign the Read and Compare rights to the [All Attribute Rights] property, then click Done. 


N 


f Click Apply to save and apply the changes. 


3 Create a shared NSS pool and volume on the OFS 2 Linux server, or create a shared Linux POSIX 
volume. 


4 IniManager, add the Linux server as the second VLDB replica site for the DFS management 
context, and point to the shared NSS volume as the VLDB location. 


Allow the VLDB data to synchronize between the NetWare replica and the Linux replica. 
In iManager, remove the NetWare instance of the replica site. 


Add the Linux server to the mixed-node NetWare cluster. 


on oO Wu 


Continue with the cluster conversion as described in Section 5.1, “Converting NetWare Cluster 
Nodes to OES 2 Linux (Rolling Cluster Conversion),” on page 29. 
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12.1 


12.2 


12.3 


DHCP Server 


The Novell DHCP Server for Linux is based on a standards-compliant implementation from ISC that 
is distributed with SUSE Linux Enterprise Server. DHCP uses a different schema on Linux to store 
the configuration in eDirectory. 


After you set up Novell DHCP Server on the OES 2 Linux server and before you complete the cluster 
conversion, you can use the DHCP option for the Migration Tool to convert the configuration from 
NetWare to OES 2 Linux. You cannot directly reuse the data. Migrate your DHCP server data, then 
perform the post-migration tasks to set up the configuration in the OES 2 Linux nodes of the cluster. 
¢ Section 12.1, “Setting Up Novell DHCP on OES 2 Linux,” on page 63 
è Section 12.2, “Prerequisites for Migration,” on page 63 


¢ Section 12.3, “Migrating the DHCP Configuration from NetWare to Linux Clusters in the Same 
Tree,” on page 63 


è Section 12.4, “Post-Migration Tasks,” on page 64 


Setting Up Novell DHCP on OES 2 Linux 


Novell DHCP Server for OES 2 Linux supports using a shared Linux POSIX file system or a shared 
NSS file system for the cluster resource. Set up DHCP on the OES 2 Linux servers by using one of the 
following methods in the OES 2 SP3: Novell DNS/DHCP Administration Guide: 


+ “Configuring DHCP with Novell Cluster Services for the NSS File System” 
+ “Configuring DHCP with Novell Cluster Services for the Linux File System” 


Prerequisites for Migration 


For more information about prerequisites, see “Migration Requirements” for DHCP in the OES 2 
SP3: Migration Tool Administration Guide. 


Migrating the DHCP Configuration from NetWare to Linux 
Clusters in the Same Tree 


In this scenario, both the NetWare server and the OES 2 Linux server are in the same eDirectory tree. 
The NetWare source server must be running NetWare 5.1 SP8 or later versions. The Linux target 
server must be running OES 2 SP1 (or later) Linux on either 32-bit or 64-bit hardware. 


Run the DHCP function in the Migration Tool from one of the OES 2 Linux nodes. Perform the Tree 
Level Migration with the same Source server (tree to which NetWare clustered nodes are attached) 
and Target server (tree to which the Linux clustered nodes are attached). This ensures that the entire 
NetWare DHCP configuration data is available for OES 2 Linux DHCP. 
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For information, see “Migrating DHCP” in the OES 2 SP3: Migration Tool Administration Guide, and 
follow the instructions for NetWare and Linux in the same eDirectory tree. 


IMPORTANT: Before starting the DHCP server on the Linux cluster, stop the DHCP server on the 
NetWare cluster. 


12.4 Post-Migration Tasks 


1 Log inas the root user to the OES 2 Linux node where you ran the migration, then open a 
terminal console 


2 Online the DHCP service cluster resource by entering 
cluster online resource_name 


3 On the Linux node where you ran the migration: 
3a Open the /mount_path/etc/dhcpd.conf file in a text editor. 


Replace mount_path with the Linux path to the folder in the shared volume where DHCP- 
specific directories are created. 


3b Inthe /mount_path/etc/dhcpd.conf file, change the value for the ldap-dhcp-server-cn 
parameter to the cn of the migrated DHCP server, then save your changes. 


3c Copy the migrated_server.leases file from /var/opt /novell/dhcp/leases/ folder or 
to the lease path specified in the Migration Tool to the /mount_path/var/1lib/dhcp/db/ 
folder, then rename it to dhcpd. leases. 


4 Stop the DHCP server on the NetWare cluster by taking the NetWare DHCP cluster resource 
offline. 


5 Start the DHCP server on the Linux cluster. 


renovell-dhcpd start 


64 OES 2 SP3: Novell Cluster Services NetWare to Linux Conversion Guide 


13.1 


13.2 


13.3 


DNS Server 


You can migrate the data from the Novell DNS Server on NetWare to a Novell DNS Server on Linux 
after you have installed and set up DNS services on an OES 2 SP1 Linux node in the cluster. You 
cannot directly reuse the data. 

¢ Section 13.1, “Prerequisites for Migration,” on page 65 


¢ Section 13.2, “Migrating the DNS Configuration from NetWare to Linux Clusters in the Same 
Tree,” on page 65 


¢ Section 13.3, “Post-Migration Tasks,” on page 65 


Prerequisites for Migration 


For information about prerequisites, see “Migrating DNS from NetWare to OES 2 SP3 Linux” in the 
OES 2 SP3: Migration Tool Administration Guide. 


Migrating the DNS Configuration from NetWare to Linux 
Clusters in the Same Tree 


In this scenario, both the NetWare server and the OES 2 SP1 Linux server are in the same eDirectory 
tree. The NetWare source server must be running NetWare 5.1 SP8 or later versions. The Linux target 
server must be running OES 2 SP1 Linux on either 32-bit or 64-bit hardware. 


Use iManager to move the DNS server from a NetWare NCP server to an OES 2 SP1 Linux NCP 
server. For information see “Using iManager to Migrate Servers within the Same eDirectory Tree” in 
the OES 2 SP3: Migration Tool Administration Guide. 


Post-Migration Tasks 


See “Post-Migration Procedure” in the OES 2 SP3: Migration Tool Administration Guide. 
1 Use iManager or the Java Management Console to check for the existence of the following 
objects: 
+ DNS-DHCP 
+ DNSDHCP-GROUP 
+ RootServerlnfo 
+ DNS Server object 


DNS Server 65 


2 Use the Clusters plug-in for iManager to verify the Cluster load script and unload script of the 
DNS cluster resources. 


For information, see “DNS Load and Unload Scripts” in the OES 2 SP3: Novell DNS/DHCP 
Administration Guide. 


3 Start the DNS server on the OES 2 Linux cluster. 
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14.1 


14.2 


Novell 1Print 


This section describes how to convert the iPrint cluster resource from NetWare 6.5 SP8 to OES 2 
Linux. 
è Section 14.1, “Installing iPrint on the OES 2 Linux Nodes,” on page 67 
+ Section 14.2, “Setting Up iPrint on the OES 2 Linux Nodes,” on page 67 
+ Section 14.3, “Migrating the iPrint Cluster Resource from NetWare to OES 2 Linux,” on page 70 
¢ Section 14.4, “Finalizing the Cluster Conversion,” on page 71 


è Section 14.5, “Additional Information,” on page 71 


Installing iPrint on the OES 2 Linux Nodes 


Prepare the first OES 2 Linux server for use with iPrint in a cluster: 


1 Install the following services on an OES 2 Linux server: 
+ Novell iPrint 
+ Novell Storage Services 
¢ Novell Cluster Services (but do not configure at install time) 
Select at least these services and any dependent services that each one requires. 
2 After the install, add the server to the NetWare cluster: 


For instructions, see Section 5.2, “Adding New OES 2 Linux Nodes to Your NetWare Cluster,” on 
page 32. 


Setting Up iPrint on the OES 2 Linux Nodes 


Perform the steps in this section to set up iPrint and an iPrint cluster resource on the OES 2 Linux 
nodes in the mixed-node cluster. 

+ Section 14.2.1, “Preparing the OES 2 Linux Nodes for iPrint,” on page 68 

è Section 14.2.2, “Setting Up iPrint on the OES 2 Linux iPrint Cluster Resource,” on page 69 


è Section 14.2.3, “Setting Up Preferred Nodes for the OES 2 Linux iPrint Cluster Resource,” on 
page 69 

è Section 14.2.4, “Editing the Load and Unload Scripts for the OES 2 Linux iPrint Cluster 
Resource,” on page 69 


è Section 14.2.5, “Verifying the Status of the iPrint Setup,” on page 70 
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14.2.1 Preparing the OES 2 Linux Nodes for iPrint 


Because iPrint on NetWare and iPrint on Linux are different, cluster migrating the iPrint cluster 
resource from NetWare to Linux is not an option. You create a new pool cluster resource on an OES 2 
Linux node that will be the iPrint cluster resource on Linux. To set up iPrint on each server, you move 
the iPrint configuration information from the default Linux installation path on each node to the 
newly created shared NSS pool resource. Later, you will move the iPrint Driver Store and Print 
Manager information from the NetWare resource to the OES 2 Linux resource. 


1 Ina Web browser, open iManager, then use the Storage role to create a new shared pool and 
volume on one of the OES 2 Linux servers where iPrint is installed. 
This is the iPrint cluster resource that will contain the iPrint data. 


For information about creating a clustered NSS pool and volume, see “Creating Cluster-Enabled 
Pools and Volumes” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux. 


2 On the first OES 2 Linux node, set up clustering for iPrint on the shared NSS volume that you 
created in Step 1. 


2a Log in as the root user to the OES 2 Linux node where the shared pool resource is active, 
then open a terminal console. 


2b Go to the /opt /novell/iprint/bin folder, then run the iprint_nss_relocate script by 
entering 


./iprint_nss_ relocate -a admin _fdn -p admin password -n nss_volume_path -1 
cluster [-c <Specify Container FDN where iPrint LUM object already 

exists or should be created>] [-w <Specify Container FDN where Apache LUM 
objects exist>] 


Replace admin_fdn with the comma-delimited fully distinguished name of the iPrint 
administrator user (such as cn=admin, o=mycompany). Replace admin_password with the 
actual password of the specified iPrint administrator user. Replace nss_volume_path with the 
Linux path (such as /media/nss/NSSVOL1) to the shared NSS volume where you want to 
relocate the iPrint configuration data. 


For information about the script options, see “Setting up iPrint on an NSS File System” in 
the OES 2 SP3: iPrint for Linux Administration Guide. 


For example, enter 


./iprint_nss relocate -a cn=admin,o=mycompany -p password -n /media/nss/ 
NSSVOL1 -1 cluster -c o=mycompany,t=iPrint Tree -w 
o=mycompany,t=iPrint_ Tree 


2c Review the messages displayed on the screen to confirm the data migration from the local 
Linux path to the shared NSS path is completed. 


3 For each remaining Linux node in the cluster where iPrint is installed, set up clustering for iPrint 
by doing the following: 


3a Log in as the root user to the OES 2 Linux node where the shared pool resource is active, 
then open a terminal console. 


3b Cluster migrate the shared NSS pool resource from the active OES 2 Linux node to this OES 
2 Linux node by entering 


cluster migrate resource name node_name 


3c Log in to the newly active OES 2 Linux node as the root user, then open a terminal console. 
3d Run the iprint_nss_relocate script as described in Step 2b, using the same values. 


3e Repeat Step 3a through Step 3d until all of the OES 2 Linux nodes are configured for iPrint. 
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14.2.2 


14.2.3 


14.2.4 


Setting Up iPrint on the OES 2 Linux iPrint Cluster Resource 


1 IniManager, select iPrint > Create Driver Store, then create a Driver Store on the OES 2 Linux 
node where the iPrint cluster resource is active. 


For information, see “Creating a Driver Store” in the OES 2 SP3: iPrint for Linux Administration 
Guide. 


Use the IP or DNS name of the shared NSS pool resource that you created in Section 14.2.1, 
“Preparing the OES 2 Linux Nodes for iPrint,” on page 68 as the Target Server. For the eDirectory 
Server Name, choose an eDirectory server that holds a copy of the replica where the Printer 
Agents will be created. 


2 IniManager, select iPrint > Create Print Manager, then create a Print Manager on the OES 2 Linux 
node where the iPrint cluster resource is active. 


For information, see “Creating a Print Manager” in the OES 2 SP3: iPrint for Linux Administration 
Guide. 


Use the IP or DNS name of the shared NSS pool resource that you created in Section 14.2.1, 
“Preparing the OES 2 Linux Nodes for iPrint,” on page 68 as the iPrint Service. For the eDirectory 
Server Name, choose same server that you specified for the Driver Store. Deselect the Start print 
manager after creation option. 


Setting Up Preferred Nodes for the OES 2 Linux iPrint Cluster 
Resource 


Configure the Preferred Nodes list for the Linux shared NSS pool cluster resource to prevent an 
inadvertent failback of the resource to a NetWare server. 


1 IniManager, click Clusters > Cluster Manager, then select the cluster where the Linux shared NSS 
pool resource is currently active. 


2 Select the link for the OES 2 Linux shared NSS pool cluster resource to open its Properties page. 
3 Go to the Preferred Nodes tab. 

4 Move all of the NetWare nodes from the Assigned Nodes list to Unassigned Nodes list. 

5 Click OK to save your changes. 


Editing the Load and Unload Scripts for the OES 2 Linux iPrint Cluster 
Resource 


Edit the load and unload scripts for the OES 2 Linux iPrint cluster resource. 


1 Edit the load script. Add the following lines to the existing load script before the exit 0 
statement 


ignore error mv /media/nss/NSSVOL1/var/opt/novell/iprint/iprintgw.lpr /media/ 
nss/NSSVOL1/var/opt/novell/iprint/iprintgw.lpr.bak 


NOTE: Replace /media/nss/NSSVOL1 in the above command with your actual cluster volume 
mount point. 


exit_on_error rcnovell-idsd start 
exit_on_error rcnovell-ipsmd start 


The daemons can also be started by using the file path /etc/init.d/novell-idsd start and 
/etc/init.d/novell-ipsmd start 
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2 Edit the unload script. Add the following lines to the existing unload script after the /opt / 
novell/ncs/lib/ncsfuncs statement: 


ignore error rcnovell-ipsmd stop 
ignore error rcnovell-idsd stop 


The daemons can also be stopped by using the file path /etc/init.d/novell-ipsmd stop and 
/etc/init.d/novell-idsd stop. 


3 Activate the load and unload scripts by taking the resource offline, then bringing the resource 
online. 


14.2.5 Verifying the Status of the iPrint Setup 


Verify that the iPrint cluster resource is working by cluster migrating the OES 2 Linux iPrint cluster 
resource to each OES 2 Linux node in turn and performing the following checks: 


1 Log inas the root user on the OES 2 Linux node where the iPrint cluster resource is active, then 
open a terminal console. 


2 Check the status of the Print Manager and Driver Store. 
rcnovell-ipsmd status 
rcenovell-idsd status 
3 Test the ability of iprntman to authenticate the admin user (or other user given with miggui). 
iprntman psm -1 -u admin 
4 Cluster migrate the iPrint cluster resource to another OES 2 Linux node by entering 
cluster migrate resource name node_name 


5 Repeat this check for each OES 2 Linux node in the mixed-node cluster. 


14.3 Migrating the iPrint Cluster Resource from NetWare to OES 
2 Linux 


After iPrint is configured for the OES 2 Linux nodes, you are ready to migrate the iPrint Driver Store 
and Print Manager information from the NetWare iPrint cluster resource to the OES 2 Linux iPrint 
cluster resource. 


Perform the following steps in “Migrating an iPrint Cluster Resource” in the OES 2 SP3: Migration 
Tool Administration Guide. 


1 Perform the pre-migration checks as described in “Pre-Migration iPrint Configuration” in the 
OES 2 SP3: Migration Tool Administration Guide. 


2 Perform a consolidated migration of the iPrint service as described in “iPrint Consolidate 
Migration” in the OES 2 SP3: Migration Tool Administration Guide. 


Start the Migration Tool from the target server (the OES 2 Linux node where the iPrint cluster 
resource is active). 


For the source server, authenticate by using the IP address or DNS name of the NetWare iPrint 
cluster resource. 


For the target server, authenticate by using the IP address or DNS name of the Linux iPrint 
cluster resource. 
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3 Verify that the migration was successful as described in “Verifying the Result of the iPrint 
Migration” in the OES 2 SP3: Migration Tool Administration Guide. 


4 Transition the Transition end-user printing from NetWare to Linux. 


+ 


+ 


+ 


+ 


Offline the NetWare iPrint cluster resource. 
View the NetWare iPrint cluster load script's /DNSNAME value. 


Configure DNS to resolve the /DNSNAME value to the IP address of the target Linux 
cluster resource hosting the Print Manager. 


NOTE: The propagation of the DNS change might take time, depending on your network. 


DNSNAME is the address that the clients use to find the NetWare Print Manager. The same 
DNSNAME is used to find the Linux Print Manager. 


Update each of the Linux node /etc/hosts files to resolve to the Linux iPrint cluster IP 
address. 


Update the /etc/opt /novell/iprint/conf/ipsmd.conf PSMHostAddress value to the / 
DNSNAME. 


Restart the Print Manager. 


5 (Optional) Perform the post-migration steps as described in “Transfer ID” and “Post Transfer ID 
Migration Steps ” in the OES 2 SP3: Migration Tool Administration Guide. 


For detailed information about iPrint migration requirements, pre-migration configuration, 
migration procedures, post-migration tasks, and troubleshooting, see “Migrating iPrint from 
NetWare or OES 2 Linux to OES 2 SP3 Linux” in the OES 2 SP3: Migration Tool Administration Guide. 


Finalizing the Cluster Conversion 


After your OES 2 Linux iPrint setup is working as expected, finalize the cluster conversion, as 
described in Section 5.4, “Finalizing the Cluster Conversion,” on page 35. 


Additional Information 


See the following Novell Support Technical Information Documents (TIDs) for more information 
about migrating iPrint from NetWare to OES 2 Linux: 


¢ TID 7005448: Migrating an iPrint Cluster from NetWare to OES 2 (http://www.novell.com/support/ 
viewContent.do?externalld=7005448) 


¢ TID 7004455: iPrint Migration Best Practices (http://www.novell.com/support/ 
viewContent.do?externalld=7004455) 
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MySQL 


On Linux, you can use the MySQL 5.0.x software on Novell Open Enterprise Server (OES) 2 Linux 
that is offered under the GNU General Public License (GPL). 


Configure the OES service to use MySQL 5.0.x on OES 2 Linux before setting up clustering for the 
related MySQL database. 


For the Linux version of MySQL, use a procedure similar to the one on NetWare to set up a new 
cluster resource. Use the Linux commands for MySQL in the load and unload scripts. Use a Linux 
path on a shared Linux POSIX file system for the MySQL database. As a general reference, see 
“Configuring MySQL on Novell Clustering Services” in the.NW 6.5 SP8: Novell MySQL 
Administration Guide 
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16.1 


16.2 


QuickFinder Server 


In a Novell Cluster Services cluster, you must install QuickFinder on each node in the cluster. This 
registers QuickFinder Server with each of the Web servers and application servers running on each 
server. On OES 2 Linux, QuickFinder is installed by default in the /var/lib/qfsearch folder. We 
recommend that you use the default path. After the installation, you must set up one or more virtual 
search servers to enable QuickFinder Server to work in a cluster. 


When the Linux setup is completed, you are ready to manually migrate settings from the NetWare 
cluster to the Linux cluster. Set up QuickFinder on the OES 2 Linux cluster nodes, then manually 
migrate QuickFinder data from a NetWare node to an OES 2 Linux node. 


For information about using the QuickFinder Server Manager and other procedures for QuickFinder, 
see the OES 2 SP3: Novell QuickFinder Server 5.0 Administration Guide. 

¢ Section 16.1, “Prerequisites,” on page 75 

+ Section 16.2, “Setting Up QuickFinder Server on Linux Cluster Nodes,” on page 75 

è Section 16.3, “Migrating QuickFinder Data from NetWare to Linux,” on page 76 

+ Section 16.4, “Post-Migration Considerations,” on page 77 


+ Section 16.5, “Searching the Cluster Volume,” on page 77 


Prerequisites 


Before you begin: 
1 On one Linux node, create a Linux POSIX cluster resource where all of the indexes and virtual 
search server settings are to be stored. 


For information, see “Configuring and Managing Cluster Resources for Shared Linux POSIX 
Volumes” in the OES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux. 


Setting Up QuickFinder Server on Linux Cluster Nodes 


On each OES 2 Linux node, do the following to set up QuickFinder for Linux: 
1 Cluster migrate the Linux POSIX cluster resource to the OES 2 Linux node where you want to 
install QuickFinder 
2 Install QuickFinder on the active cluster node. 
3 Create a virtual search server to enable QuickFinder Server to work in a cluster. 


Give each virtual search server the same name and location. After the first server is set up, any 
settings that you create on the shared volume are automatically displayed. 


3a On the active cluster node, open the QuickFinder Server Manager. 
3b Click Global Settings, then click Add New Virtual Server. 
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3c In Name, specify the DNS name of the cluster. 


3d In Location, specify the Linux path on the Linux POSIX cluster resource where all of the 
indexes and virtual search server settings will be located. 


3e Click Add. 
4 Repeat Step 1 to Step 3 for each of the nodes in the cluster. 


16.3 Migrating QuickFinder Data from NetWare to Linux 


Use the following steps to migrate QuickFinder Server data from a NetWare server to a 
corresponding Linux server. You must repeat the tasks for each NetWare server in the cluster. It 
assumes a one-to-one server replacement in the cluster. 


WARNING: Migrating indexes and virtual search server settings from a QuickFinder Server running 
on NetWare to QuickFinder Server running on OES 2 Linux replaces the existing settings on the 
Linux server. If you want to merge your NetWare settings with the existing Linux settings, you must 
manually re-create the NetWare settings by using the QuickFinder Server Manager. 


1 Open a Web browser, the access the QuickFinder Server Manager on the NetWare server. 


http: //servername/qfsearch/admin 
2 Click Global Settings in the top toolbar. 
3 Write down the paths for each virtual search server displayed in the Location column. 


4 On the OES 2 Linux server where the shared volume is active, mount the NetWare server by 
using the ncpmount command. 


5 Make a backup of the /var/1lib/qfsearch/SiteList.properties file. 
Ensure that you don't have a file with this name as a backup on the NetWare server. 


6 Copy all .properties and Cron. jobs files from the root folder sys: /qfsearch on the NetWare 
server to /var/lib/qfsearch on the Linux server. 


7 Copy sys:/qfsearch/Sites and all of its subdirectories to /var/lib/qfsearch/Sites. 


8 Copy sys:/qfsearch/Templates and all of its subdirectories to /var/lib/qfsearch/ 
Templates. 


9 If any of the paths listed in Step 3 are not under sys: /qfsearch (for example, if you installed a 
virtual search server somewhere other than the default location), you must also copy those paths 
to Linux. 


For example, if you have the path sys: /SearchSites/PartnerSite, you must copy it to the 
Linux server. You could copy it to /var/opt/SearchSites/PartnerSite or /var/lib/ 
qfsearch/Sites/PartnerSite. 


10 Edit all NetWare paths in /var/lib/qfsearch/SiteList .properties to reflect the new Linux 
paths. 


For example, change sys: /qfsearch to /var/lib/qfsearch. 


Or, as in the example in Step 9, change sys: /SearchSites/PartnerSite to /var/opt/ 
SearchSites/PartnerSite. 


Some paths might have one or two backslashes (\) that must be replaced with one forward slash 
(/). For example, sys: \\qfsearch\\docs needs to be changed to /var/lib/qfsearch/docs. 


11 Update all NetWare paths in the properties and configuration files copied in the steps above to 
the Linux paths, and update any DNS names. 


The following files must be updated: 
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12 


13 


AdminServlet .properties 

Cron.jobs 

Sites/Highlighter.properties 

Sites/Print.properties 

Sites/Search.properties 

For each of the virtual search servers, modify the following: 
+ qfind.cfg 


+ Any of the above .properties files, if they exist. 


IMPORTANT: Linux filenames are case sensitive. 


The names of most properties files are mixed case, so ensure that the files copied from NetWare 
are the correct case. You can compare them to the . properties .sample files on Linux. 


You might also need to update paths in templates. If you have problems such as a template not 
being found or some properties not being set properly, check the case of the filename. 


If you modified any “file” index paths to index directories on the Linux server, that index must 
be regenerated. 


After all the files have been modified, run the following commands to set the access rights and 
the owner and groups so that the QuickFinder engine has rights to access the files. 


As the root user, enter 

chown -R root:www /var/lib/qfsearch 

chmod -R 770 /var/lib/qfsearch 

Repeat Step 1 to Step 12 for each NetWare and Linux pair of nodes. 


Post-Migration Considerations 


QuickFinder Server 5.0 indexes are not compatible with previous versions of QuickFinder Server. The 
indexes must be regenerated, and you cannot synchronize QuickFinder Server 5.0 indexes with 
indexes from a previous version of QuickFinder Server (and vice-versa). 


Searching the Cluster Volume 


To perform a search on the shared volume after the NetWare migration is complete: 


1 Open a Web browser, then enter 


http://DNS_CLUSTER/qfsearch/search 


QuickFinder Server sees the DNS and sends the request to the appropriate virtual search server. 
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17.2 


17.3 


Novell Storage Services Pools 


Consider the guidelines in this section when converting Novell Storage Services (NSS) pool cluster 
resources from NetWare to Novell Open Enterprise Server (OES) 2 Linux. 
+ Section 17.1, “NSS Pool Cluster Migration,” on page 79 
è Section 17.2, “NSS File System Migration to NCP Volumes or Linux POSIX File Systems,” on 
page 79 


¢ Section 17.3, “Estimated Time Taken to Build the Trustee File on Linux,” on page 79 


NSS Pool Cluster Migration 


In the mixed-node cluster, NSS pool cluster resources created on NetWare can be failed over or 
cluster migrated to nodes that are running OES 2 Linux where NSS is installed and running. Some 
NSS features are not available or work differently on Linux. For information, see “Cross-Platform 
Issues for NSS” in the OES 2 SP3: NSS File System Administration Guide for Linux. 


Pool snapshots use different technologies on NetWare and Linux. Ensure that you delete pool 
snapshots for all clustered pools before you begin the cluster conversion. 


NSS File System Migration to NCP Volumes or Linux POSIX 
File Systems 


To move data from NSS file systems on NetWare to NCP volumes or to Linux POSIX file systems on 
Linux, you must use the OES 2 SP1 Migration tool. For information, see “Migrating File System from 
NetWare, OES 1 or OES 2 to OES 2 SP3 Linux” in the OES 2 SP3: Migration Tool Administration Guide. 


Estimated Time Taken to Build the Trustee File on Linux 


On Linux, NCP Server stores file system trustees and rights information in the ._NetWare/ 
.trustee_database.xml file at the root of each NSS volume or NCP volume. The NSS file system 
also stores this information in its file system metadata as it does on NetWare. This database file is 
updated when you: 


¢ Add file system trustees and rights 

+ Delete file system trustees and rights 

* Modify file system trustees and rights 
When you migrate an NSS volume from NetWare to Linux, the trustee database file does not exist. 
NCP Server reads the trustee and rights information from the NSS file system metadata, validates the 
User object, and stores the settings ina ._NetWare/.trustee_database.xml file at the root of the 


volume. The information collection process begins automatically when the NSS volume is mounted 
on the OES 2 Linux server. 
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Testing found that building the initial database on Linux for an existing volume takes about one 


minute per 50,000 storage objects. Testing was done on the following configuration for the target 
server: 


HP DL380 G5 


2 Quadcore Intel Xeon CPU E5345 @ 2.33 GHz 
12 GB RAM 


1 Gigabit NIC 


2 HBAs with 4 paths to the EMC DMX Symmetrix Storage with 4 gigabits per second (Gbps) 
bandwidth 


To follow the synchronization between the file system and the trustee file, look for output in the / 
var/opt/novell/log/ncp2nss.1og file. 
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Documentation Updates 


This section contains information about documentation content changes made to information in the 
Novell Cluster Services for Linux Conversion Guide since the initial Novell Cluster Services 1.8.5 release 


for Novell Open Enterprise Server 2. 
This document was updated on the following dates: 


+ Section A.1, “May 2013 Scheduled Maintenance,” on page 81 

è Section A.2, “April 2013 Scheduled Maintenance,” on page 82 

¢ Section A.3, “April 12, 2013,” on page 82 

¢ Section A.4, “January 2013 Scheduled Maintenance,” on page 83 
+ Section A.5, “November 30, 2012,” on page 83 

¢ Section A.6, “April 19, 2012,” on page 83 

* Section A.7, “January 2012 Scheduled Maintenance,” on page 84 
+ Section A.8, “August 2011 Scheduled Maintenance,” on page 84 
¢ Section A.9, “June 3, 2011,” on page 85 

¢ Section A.10, “December 2010 (OES 2 SP3),” on page 85 

¢ Section A.11, “May 2010 Scheduled Maintenance,” on page 86 

è Section A.12, “January 2010 Scheduled Maintenance,” on page 87 
¢ Section A.13, “January 20, 2010,” on page 87 

¢ Section A.14, “January 4, 2010,” on page 88 

¢ Section A.15, “December 10, 2009,” on page 88 

¢ Section A.16, “November 2009 (OES 2 SP2),” on page 88 

¢ Section A.17, “July 30, 2009,” on page 89 

¢ Section A.18, “June 22, 2009,” on page 90 

¢ Section A.19, “June 5, 2009,” on page 90 

¢ Section A.20, “May 6, 2009,” on page 91 

¢ Section A.21, “March 3, 2009,” on page 91 

+ Section A.22, “February 13, 2009,” on page 91 

¢ Section A.23, “February 3, 2009,” on page 92 

+ Section A.24, “December 2008 (OES 2 SP1),” on page 92 


A.1 May 2013 Scheduled Maintenance 


Updates were made to the following section. The changes are explained below. 
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A.1.1 What's New or Changed for Novell Cluster Services 


Location Change 


Section 1.1, “What’s New (May 2013),” on page 9 This section is new. 


A.2 April 2013 Scheduled Maintenance 


Updates were made to the following section. The changes are explained below. 


A.2.1 What’s New or Changed for Novell Cluster Services 


Location Change 


Section 1.2, “What’s New (April 2013),” on page 9 This section is new. 


A.3 April 12, 2013 


Updates were made to the following section. The changes are explained below. 


¢ Section A.3.1, “Apache HTTP Server,” on page 82 


A.3.1 Apache HTTP Server 


Chapter 7, “Apache HTTP Server,” on page 39 was updated to describe key considerations for using 
Apache 2 on Novell Open Enterprise Server 2 SP3 servers. 


When you install OES services on the server, Novell-ready versions of Apache 2 HTTP Server and 
Tomcat 5 are automatically installed. Apache and the OES Welcome Web site are automatically 
configured for non-secure port 80 and secure port 443. The Apache HTTP Server daemon (ht tpd2) 
starts automatically on server restart. 


To set up personalized Web sites, you must manually create a virtual host configuration file for each 
Web site. Templates for secure SSL virtual host and non-secure virtual host configuration files are 
available in the /etc/apache2/vhosts.d/ directory. Use a text editor to create or modify the 
configuration files, then gracefully restart the Apache daemon (rcapache2 graceful) to apply the 
changes. 


WARNING: Do not install the SUSE Linux Web and Lamp Server pattern. Do not use the HTTP Server 
option in YaST to manage Apache or virtual host settings on an OES server. It overwrites essential 
OES settings for Apache and breaks the existing setup. For recovery information, see Section 7.4.1, 
“Apache Server Errors after Using the HTTP Server Option in YaST,” on page 53. 
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A.4 


A.4.1 


A.5 


A.5.1 


A.6 


A.6.1 


January 2013 Scheduled Maintenance 


Updates were made to the following section. The changes are explained below. 


¢ Section A.4.1, “What’s New or Changed for Novell Cluster Services,” on page 83 


What’s New or Changed for Novell Cluster Services 


Location Change 


Section 1.3, “What’s New (January 2013),” on page 10 Added information about Novell iManager 2.7.6 and 
Novell Client 2 SP3 for Windows. 


November 30, 2012 


Updates were made to the following section. The changes are explained below. 


¢ Section A.5.1, “Novell iPrint,” on page 83 


Novell iPrint 


Location Change 


Section 14.2.4, “Editing the Load and Unload Scripts The daemons can also be started by using the file path 
for the OES 2 Linux iPrint Cluster Resource,” on /etc/init.d/novell-idsd start and /etc/ 
page 69 init.d/novell-ipsmd start. 


The daemons can also be stopped by using the file 
path /etc/init.d/novell-ipsmd stop and / 
etc/init.d/novell-idsd stop. 


April 19, 2012 


Updates were made to the following sections. The changes are explained below. 


¢ Section A.6.1, “Novell Storage Services Pools,” on page 83 


+ Section A.6.2, “Planning the Conversion of Load and Unload Scripts,” on page 84 


Novell Storage Services Pools 


Location Change 
Section 17.3, “Estimated Time Taken to Build the To follow the synchronization between the file system 
Trustee File on Linux,” on page 79 and the trustee file, look for output in the /var/opt/ 


novell/log/ncp2nss.1og file. 
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A.6.2 


A.7 


A.7.1 


A.7.2 


84 


A.8 


Planning the Conversion of Load and Unload Scripts 


Location Change 


Section 4.4, “Comparing Master IP Address Scripts,” You can modify the Master IP Address only after the 
on page 23 cluster conversion is finalized. 


To follow the synchronization between the file system 
and the trustee file, look for output in the /var/opt/ 
novell/log/ncp2nss.1og file. 


January 2012 Scheduled Maintenance 


This guide has been updated to conform to the Novell 2012 style guidelines. Updates were made to 
the following sections. The changes are explained below. 


+ Section A.7.1, “Planning the Cluster Conversion,” on page 84 


+ Section A.7.2, “What’s New,” on page 84 


Planning the Cluster Conversion 


Location Change 
Section 2.1, “Supported Conversion Paths,” on The NetWare to Linux conversion is supported from 
page 12 NetWare 6.5 SP8 (with the latest patches applied) to 


OES 2 SP3 on the SUSE Linux Enterprise 10 SP4 
operating system. 


Section 2.2, “Supported Mixed-Node Clusters,” on A mixed cluster made up of NetWare 6.5 SP7 or 
page 12 earlier nodes and OES 2 SP3 Linux nodes is not 
supported. 
’ 
What’s New 
Location Change 


Chapter 1, “What’s New for Novell Cluster Services This section is new. 
Cluster Conversion from NetWare to Linux,” on page 9 


August 2011 Scheduled Maintenance 


The OES 2 SP3 August 2011 Maintenance Patch provides support for OES 2 SP3 on the SUSE Linux 
Enterprise 10 SP4 operating system. Links were updated to point to the latest SLES 10 
documentation. 
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A.9 


A.9.1 


A.10 


A.10.1 


A.10.2 


June 3, 2011 


Updates were made to the following section. The changes are explained below. 


¢ Section A.9.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 85 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location Change 
“Removing NetWare Nodes from the Cluster” on This section was added for completeness. 
page 34 


December 2010 (OES 2 SP3) 


This content in this guide previously appeared as the “Converting NetWare 6.5 Clusters to OES 2 
Linux” chapter in the OES 2 SP2: Novell Cluster Services for Linux Administration Guide. 


In addition, updates were made to the following sections. The changes are explained below. 


¢ Section A.10.1, “Apache Web Server,” on page 85 

¢ Section A.10.2, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 85 
¢ Section A.10.3, “Novell Distributed File Services VLDB,” on page 86 

è Section A.10.4, “Planning the Cluster Conversion,” on page 86 


¢ Section A.10.5, “Planning the Conversion of Load and Unload Scripts,” on page 86 


Apache Web Server 


This section was expanded to include installation and setup information that is specific to Linux. 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location Change 

Step 1 in “Finalizing the Cluster Conversion” on Beginning in OES 2 SP3, you can use the cluster 

page 35 convert preview all command to preview all 
resources. 
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A.10.3 


A.10.4 


A.10.5 


A.11 


A.11.1 


Novell Distributed File Services VLDB 


Location 


Step 2 in “Cluster Migrating the Shared NSS Volume 
for the VLDB” on page 61 


Step 2 in “Adding a Linux Server as a Replica Site” on 
page 62 


Planning the Cluster Conversion 


Location 


Section 2.11, “Managing File Systems in Mixed-Node 
Clusters,” on page 14 


Change 


For each of the Linux nodes, assign the node’s 
nssadmin user as a trustee of the container that is 
configured as the Management Context for the VLDB, 
and give the user at least the Read and Compare 
rights to the [A11 Attribute Rights] property. 


Change 


If you need to configure (or reconfigure) existing 
shared NSS pools and volumes in a mixed-node 
cluster, you must temporarily bring down all Linux 
cluster nodes prior to making changes, then make the 
configuration changes on a NetWare node. Ensure 
that the resources are working properly on NetWare 
before having the Linux cluster nodes rejoin the 
cluster. 


Planning the Conversion of Load and Unload Scripts 


Location 


Section 4.2, “Comparing Script Length Limits for 
NetWare and Linux,” on page 22 


Change 


This section is new. 


May 2010 Scheduled Maintenance 


Updates were made to the following sections. The changes are explained below. 


¢ Section A.11.1, “Novell AFP,” on page 86 
+ Section A.11.2, “Novell CIFS,” on page 87 


Novell AFP 


Location 


Chapter 6, “Novell AFP,” on page 37 


Change 


Beginning in OES 2 SP2 Linux, the cross-protocol file 
locking parameter for NCP Server is enabled by 
default. 
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A.11.2 


A.12 


A.12.1 


A.12.2 


A.13 


A.13.1 


Novell CIFS 


Location 


Chapter 10, “Novell CIFS,” on page 59 


Change 


Beginning in OES 2 SP2 Linux, the cross-protocol file 
locking parameter for NCP Server is enabled by 
default. 


January 2010 Scheduled Maintenance 


Updates were made to the following sections. The changes are explained below. 


¢ Section A.12.1, “Planning the Cluster Conversion,” on page 87 
+ Section A.12.2, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 87 


Planning the Cluster Conversion 


Location 


“SBD Devices Must Be Marked as Shareable for 
Clustering” on page 12 


Change 


This section is new. 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location 


“Converting NetWare Cluster Nodes to OES 2 Linux 
(Rolling Cluster Conversion)” on page 29 


Change 


Step 1 on page 29 is new. Before you add the first 
Linux node to the NetWare cluster, mark the NetWare 
cluster SBD devices as Shareable for Clustering. 


“Adding New OES 2 Linux Nodes to Your NetWare 
Cluster” on page 32 


January 20, 2010 


Step 1 on page 32 is new. Before you add the first 
Linux node to the NetWare cluster, mark the NetWare 
cluster SBD devices as Shareable for Clustering 


Updates were made to the following section. The changes are explained below. 


+ Section A.13.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 87 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location 


“Converting NetWare Cluster Nodes to OES 2 Linux 
(Rolling Cluster Conversion)” on page 29 


Change 


.Step 11 was removed. A cluster restart is no longer 
required. 
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Location Change 


“Finalizing the Cluster Conversion” on page 35 .Step 3 was revised. A cluster restart is no longer 
required. 


A.14 January 4, 2010 


Updates were made to the following section. The changes are explained below. 


+è Section A.14.1, “eDirectory Server Certificates,” on page 88 


A.14.1 eDirectory Server Certificates 


Location Change 


“Using Internal Certificates in a Cluster” on page 58 .This section was modified for clarity.. 


A.15 December 10, 2009 


Updates were made to the following section. The changes are explained below. 


¢ Section A.15.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 88 


A.15.1 Converting NetWare 6.5 Clusters to OES 2 Linux 


Location Change 
Section 5.1, “Converting NetWare Cluster Nodes to Added the following instruction in Step 3 on page 30: 


OES 2 Linux (Rolling Cluster Conversion),” on page 29 f i f . 
You can do this by running NWConfig, then selecting 


Product Options > Directory Options <install NDS> > 
Remove Directory Services from this server. 


A.16 November 2009 (OES 2 SP2) 


Updates were made to the following sections. The changes are explained below. 


¢ Section A.16.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 89 
¢ Section A.16.2, “Planning the Conversion of Load and Unload Scripts,” on page 89 
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A.16.1 


A.16.2 


A.17 


A.17.1 


A.17.2 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location 


Section 5.4, “Finalizing the Cluster Conversion,” on 
page 35 


Change 


Modified Step 3 to state that you must run /opt / 
novell/ncs/bin/nes-configd.py -init on 
each of the nodes in the cluster, or restart Cluster 
Services on each of the nodes in the cluster. 


Planning the Conversion of Load and Unload Scripts 


Location 


Section 4.7, “Customizing the Translation Syntax for 
Converting Load and Unload Scripts,” on page 27 


July 30, 2009 


Change 


This section is new. 


Updates were made to the following section. The changes are explained below. 


¢ Section A.17.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 89 


¢ Section A.17.2, “Planning the Cluster Conversion,” on page 89 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location 


Section 5.4, “Finalizing the Cluster Conversion,” on 
page 35 


Planning the Cluster Conversion 


Location 


Section 2.12, “Using Novell iManager in Mixed-Node 
Clusters,” on page 15 


Change 


WARNING: After you finalize the cluster conversion, 
rollback to NetWare is not supported. 


Change 
This section is new. 


Use Novell iManager 2.7.2 or later for all cluster 
administration in the mixed-node cluster. 


Section 2.13, “Using Novell Remote Manager Is Not 
Supported in Mixed-Node Clusters,” on page 15 


Section 2.14, “Using ConsoleOne Is Not Supported for 
Mixed-Node Clusters,” on page 15 


Do not use Novell Remote Manager when managing 
mixed-node clusters. Novell Remote Manager is not 
supported for cluster management on OES 2 Linux. 


This section is new. 


Do not use ConsoleOne when managing mixed-node 
clusters. ConsoleOne is not supported for cluster 
management on OES 2 Linux. 
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A.18 June 22, 2009 


Updates were made to the following section. The changes are explained below. 


è Section A.18.1, “Planning the Cluster Conversion,” on page 90 


A.18.1 Planning the Cluster Conversion 


Location Change 


Section 2.13, “Using Novell Remote Manager Is Not This section is new. 
Supported in Mixed-Node Clusters,” on page 15 


A.19 June 5, 2009 


Updates were made to the following sections. The changes are explained below. 


¢ Section A.19.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 90 
è Section A.19.2, “Novell Storage Services Pools,” on page 90 


A.19.1 Converting NetWare 6.5 Clusters to OES 2 Linux 


Location Change 


Section 5.1, “Converting NetWare Cluster Nodes to In Step 10 on page 31, added clarification that 
OES 2 Linux (Rolling Cluster Conversion),” on page 29 checking for an SBD is necessary only if the cluster 
has a shared disk system. 


Section 5.2, “Adding New OES 2 Linux Nodes to Your In Step 6 on page 34, added clarification that checking 
NetWare Cluster,” on page 32 for an SBD is necessary only if the cluster has a 
shared disk system. 


A.19.2 Novell Storage Services Pools 


Location Change 

Chapter 17, “Novell Storage Services Pools,” on Added information about how long it might take to build 

page 79 the trustee.xml file during a migration from NetWare to 
Linux. 
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A.20 


A.20.1 


A.21 


A.21,1 


A.22 


A.22.1 


May 6, 2009 


Updates were made to the following section. The changes are explained below. 


¢ Section A.20.1, “Planning the Cluster Conversion,” on page 91 


Planning the Cluster Conversion 


Location 


Section 2.11, “Managing File Systems in Mixed-Node 
Clusters,” on page 14 


March 3, 2009 


Change 


If you need to configure (or reconfigure) existing 
shared NSS pools and volumes or trustee 
assignments in a mixed-node cluster, you must 
temporarily remove all Linux cluster nodes by issuing 
the cluster leave command prior to making any 
NSS changes. 


Updates were made to the following section. The changes are explained below. 


+ Section A.21.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 91 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location 


Step 3 in Section 5.4, “Finalizing the Cluster 
Conversion,” on page 35 


February 13, 2009 


Change 


You must restart the cluster so that clstrlib.ko is 
reloaded: 


renovell-nes restart 


Errata were corrected. Updates were made to the following sections. The changes are explained 


below. 


+ Section A.22.1, “Converting NetWare 6.5 Clusters to OES 2 Linux,” on page 91 


+ Section A.22.2, “Novell Storage Services Pools,” on page 92 


+ Section A.22.3, “Planning the Conversion of Load and Unload Scripts,” on page 92 


Converting NetWare 6.5 Clusters to OES 2 Linux 


Location 


Chapter 3, “Planning the Conversion of Cluster 
Resources,” on page 17 


Change 


Added a link to the eDirectory caveat. 
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A.22.2 Novell Storage Services Pools 


Location Change 


Section 17.2, “NSS File System Migration to NCP This section is new. 
Volumes or Linux POSIX File Systems,” on page 79 


A.22.3 Planning the Conversion of Load and Unload Scripts 


Location Change 


Section 4.1, “Translation of Cluster Resource Scripts The path to the files is /var/opt/novell/ncs/. 
for Mixed NetWare and Linux Clusters,” on page 21 


A.23 February 3, 2009 


Updates were made to the following section. The changes are explained below. 


¢ Section A.23.1, “Novell AFP,” on page 92 


A.23.1 Novell AFP 


Location Change 


Chapter 6, “Novell AFP,” on page 37 Added information about using the NCP cross-protocol 
file locking feature on OES 2 SP1 Linux. 


A.24 December 2008 (OES 2 SP1) 


Updates were made to the following sections. The changes are explained below. 


+ Section A.24.1, “Converting NetWare 6.5 Cluster to OES 2 Linux,” on page 92 
+ Section A.24.2, “Planning the Cluster Conversion,” on page 93 
¢ Section A.24.3, “Planning the Conversion of Cluster Resources,” on page 93 


¢ Section A.24.4, “Planning the Conversion of Load and Unload Scripts,” on page 93 


A.24.1 Converting NetWare 6.5 Cluster to OES 2 Linux 


Location Change 


Section 5.1, “Converting NetWare Cluster Nodes to This procedure has been updated. 
OES 2 Linux (Rolling Cluster Conversion),” on page 29 
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A.24.2 


A.24.3 


A.24.4 


Planning the Cluster Conversion 


Location Change 


Section 2.15, “Using the Monitoring Function in Mixed- This section is new. 
Node Clusters Is Not Supported,” on page 15 


Planning the Conversion of Cluster Resources 


Location Change 


Chapter 3, “Planning the Conversion of Cluster This section is new. 
Resources,” on page 17 


Planning the Conversion of Load and Unload Scripts 


Location Change 


Section 4.6, “Comparing File Access Protocol This section is new. 
Resource Script Commands,” on page 26 
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